CVE-2021-3773

CRITICAL

Linux Kernel < 5.14 - Exposure of Sensitive Information via netfilter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3773. PoCs published by d0rb.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-3773, a Port Shadow vulnerability in OpenVPN servers using Netfilter for NAT. The script uses Scapy to craft UDP packets, creating port shadows to deanonymize victims or perform man-in-the-middle attacks.

Description

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

Exploits (1)

nomisec WORKING POC
by d0rb · poc
https://github.com/d0rb/CVE-2021-3773

This repository contains a functional exploit for CVE-2021-3773, a Port Shadow vulnerability in OpenVPN servers using Netfilter for NAT. The script uses Scapy to craft UDP packets, creating port shadows to deanonymize victims or perform man-in-the-middle attacks.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: OpenVPN with Netfilter NAT
No auth needed
Prerequisites: Python 3.x · Scapy library · Root or Administrator privileges
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 9.8
EPSS 0.0532
EPSS Percentile 91.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-200
Status published
Products (8)
fedoraproject/fedora 34
linux/linux_kernel < 5.14
oracle/communications_cloud_native_core_binding_support_function 22.1.3
oracle/communications_cloud_native_core_network_exposure_function 22.1.1
oracle/communications_cloud_native_core_policy 22.2.0
redhat/enterprise_linux 6.0
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
Published Feb 16, 2022
Tracked Since Feb 18, 2026