CVE-2021-45485

Published: Dic 25, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-32251 Aliases: GSD-2021-45485
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0051
Percentile
0,7th
Updated

EPSS Score Trend (Last 90 Days)

327

Use of a Broken or Risky Cryptographic Algorithm

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Accountability Non-Repudiation
Potential Impacts:
Read Application Data Modify Application Data Hide Activities
Applicable Platforms
Languages: Not Language-Specific, Verilog, VHDL
Technologies: Not Technology-Specific, ICS/OT
Likelihood of Exploit: High
View CWE Details
Operating System

Brocade Fabric Operating System Firmware by Netapp

Product Information
Vendor Netapp
Product Brocade Fabric Operating System Firmware
Version -
cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fabric-Attached Storage A400 Firmware by Netapp

Product Information
Vendor Netapp
Product Fabric-Attached Storage A400 Firmware
Version -
cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

H700E Firmware by Netapp

Product Information
Vendor Netapp
Product H700E Firmware
Version -
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

H300E Firmware by Netapp

Product Information
Vendor Netapp
Product H300E Firmware
Version -
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

H410C Firmware by Netapp

Product Information
Vendor Netapp
Product H410C Firmware
Version -
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fabric-Attached Storage 8300 Firmware by Netapp

Product Information
Vendor Netapp
Product Fabric-Attached Storage 8300 Firmware
Version -
cpe:2.3:o:netapp:fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

All Flash Fabric-Attached Storage 8700 Firmware by Netapp

Product Information
Vendor Netapp
Product All Flash Fabric-Attached Storage 8700 Firmware
Version -
cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

H500E Firmware by Netapp

Product Information
Vendor Netapp
Product H500E Firmware
Version -
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

H700S Firmware by Netapp

Product Information
Vendor Netapp
Product H700S Firmware
Version -
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Aff A400 Firmware by Netapp

Product Information
Vendor Netapp
Product Aff A400 Firmware
Version -
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

H615C Firmware by Netapp

Product Information
Vendor Netapp
Product H615C Firmware
Version -
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

H300S Firmware by Netapp

Product Information
Vendor Netapp
Product H300S Firmware
Version -
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Binding Support Function by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Binding Support Function
Version 22.1.3
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Policy by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Policy
Version 22.2.0
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

H500S Firmware by Netapp

Product Information
Vendor Netapp
Product H500S Firmware
Version -
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

H610C Firmware by Netapp

Product Information
Vendor Netapp
Product H610C Firmware
Version -
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Network Exposure Function by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Network Exposure Function
Version 22.1.1
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

E-Series Santricity Os Controller by Netapp

Product Information
Vendor Netapp
Product E-Series Santricity Os Controller
Version -
cpe:2.3:a:netapp:e-series_santricity_os_controller:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

All Flash Fabric-Attached Storage 8300 Firmware by Netapp

Product Information
Vendor Netapp
Product All Flash Fabric-Attached Storage 8300 Firmware
Version -
cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fabric-Attached Storage 8700 Firmware by Netapp

Product Information
Vendor Netapp
Product Fabric-Attached Storage 8700 Firmware
Version -
cpe:2.3:o:netapp:fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

H410S Firmware by Netapp

Product Information
Vendor Netapp
Product H410S Firmware
Version -
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Solidfire \& Hci Management Node by Netapp

Product Information
Vendor Netapp
Product Solidfire \& Hci Management Node
Version -
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Solidfire\, Enterprise Sds \& Hci Storage Node by Netapp

Product Information
Vendor Netapp
Product Solidfire\, Enterprise Sds \& Hci Storage Node
Version -
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
To 5.13.3 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Hci Compute Node Firmware by Netapp

Product Information
Vendor Netapp
Product Hci Compute Node Firmware
Version -
cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

H610S Firmware by Netapp

Product Information
Vendor Netapp
Product H610S Firmware
Version -
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://arxiv.org/pdf/2112.09604.pdf
Technical Description Third Party Advisory
https://arxiv.org/pdf/2112.09604.pdf
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13…
Release Notes Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/li…
Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6…
https://security.netapp.com/advisory/ntap-20220121-0001/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0001/
https://www.oracle.com/security-alerts/cpujul2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://arxiv.org/pdf/2112.09604.pdf
Technical Description Third Party Advisory
https://arxiv.org/pdf/2112.09604.pdf
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13…
Release Notes Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/li…
Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6…
https://security.netapp.com/advisory/ntap-20220121-0001/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0001/
https://www.oracle.com/security-alerts/cpujul2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html