CVE-2021-3773

Опубликовано: 16 фев. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=2004949
Issue Tracking
Third Party Advisory
https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/
https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2004949
Issue Tracking
Third Party Advisory
https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/
https://security.netapp.com/advisory/ntap-20250328-0004/
https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.14 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.15 (включая) до 5.15.15 (исключая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00441

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-3773

CVSS3: 9.8

ubuntu

больше 3 лет назад

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

CVE-2021-3773

CVSS3: 5.9

redhat

почти 4 года назад

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

CVE-2021-3773

CVSS3: 9.8

debian

больше 3 лет назад

A flaw in netfilter could allow a network-connected attacker to infer ...

GHSA-3xjv-m925-6jcj

CVSS3: 9.8

github

больше 3 лет назад

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

RLSA-2022:1988

rocky

около 3 лет назад

Important: kernel security, bug fix, and enhancement update

EPSS

Процентиль: 62%

0.00441

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo