Design/Logic Flaw

2022-02-1818:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

67.3%

JSON

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
fedoraeq34
linux_kernelle5.14.21
e-series_santricity_os_controllerge11.0
e-series_santricity_os_controllerle11.70.1
communications_cloud_native_core_binding_support_functioneq22.1.3
communications_cloud_native_core_network_exposure_functioneq22.1.1
communications_cloud_native_core_policyeq22.2.0

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
fedora	eq	34
linux_kernel	le	5.14.21
e-series_santricity_os_controller	ge	11.0
e-series_santricity_os_controller	le	11.70.1
communications_cloud_native_core_binding_support_function	eq	22.1.3
communications_cloud_native_core_network_exposure_function	eq	22.1.1
communications_cloud_native_core_policy	eq	22.2.0