CVE-2021-3773

CRITICAL

Netfilter - Info Disclosure

Title source: llm

Description

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

Exploits (1)

nomisec WORKING POC

by d0rb · poc

https://github.com/d0rb/CVE-2021-3773

View Code ZIP pw:eip

References (4)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2004949

[Various Sources] https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20250328-0004/

Scores

CVSS v3 9.8

EPSS 0.0065

EPSS Percentile 70.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-200

Status published

Products (8)

fedoraproject/fedora 34

linux/linux_kernel < 5.14

oracle/communications_cloud_native_core_binding_support_function 22.1.3

oracle/communications_cloud_native_core_network_exposure_function 22.1.1

oracle/communications_cloud_native_core_policy 22.2.0

redhat/enterprise_linux 6.0

redhat/enterprise_linux 7.0

redhat/enterprise_linux 8.0

Published Feb 16, 2022

Tracked Since Feb 18, 2026