CVE-2021-20322
moderate-risk
Published 2022-02-18
A flaw in the Linux kernel's processing of received ICMP errors (ICMP fragment needed and ICMP redirect) was found to allow quick scanning of open UDP ports. This flaw allows an off-path remote user to effectively bypass UDP source port randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well.
Do I need to act?
0.14% chance of exploitation (EPSS score, low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.4/10, High (NETWORK / HIGH complexity)
Affected Products (20)
Fas Baseboard Management Controller Firmware
Aff A700S Firmware
Affected Vendors
References (18)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2014230
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220303-0002/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5096
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
43 / 100 (moderate-risk)
Severity: 22/34 · High
Exploitability: 1/34 · Minimal
Exposure: 20/34 · Moderate