Vulnerabilities > CVE-2021-3448

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

high complexity

NVD

Published: 2021-04-08

Updated: 2023-11-07

Summary

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

Vulnerable Configurations

Part	Description	Count
Application	Thekelleys Thekelleys Dnsmasq - Thekelleys Dnsmasq 0.4 Thekelleys Dnsmasq 0.5 Thekelleys Dnsmasq 0.6 Thekelleys Dnsmasq 0.7 Thekelleys Dnsmasq 0.95 Thekelleys Dnsmasq 0.96 Thekelleys Dnsmasq 0.98 Thekelleys Dnsmasq 0.992 Thekelleys Dnsmasq 0.996 Thekelleys Dnsmasq 1.0 Thekelleys Dnsmasq 1.2 Thekelleys Dnsmasq 1.3 Thekelleys Dnsmasq 1.4 Thekelleys Dnsmasq 1.5 Thekelleys Dnsmasq 1.6 Thekelleys Dnsmasq 1.7 Thekelleys Dnsmasq 1.8 Thekelleys Dnsmasq 1.9 Thekelleys Dnsmasq 1.10 Thekelleys Dnsmasq 1.11 Thekelleys Dnsmasq 1.12 Thekelleys Dnsmasq 1.13 Thekelleys Dnsmasq 1.14 Thekelleys Dnsmasq 1.15 Thekelleys Dnsmasq 1.16 Thekelleys Dnsmasq 1.17 Thekelleys Dnsmasq 1.18 Thekelleys Dnsmasq 2.0 Thekelleys Dnsmasq 2.1 Thekelleys Dnsmasq 2.2 Thekelleys Dnsmasq 2.3 Thekelleys Dnsmasq 2.4 Thekelleys Dnsmasq 2.5 Thekelleys Dnsmasq 2.6 Thekelleys Dnsmasq 2.7 Thekelleys Dnsmasq 2.8 Thekelleys Dnsmasq 2.9 Thekelleys Dnsmasq 2.10 Thekelleys Dnsmasq 2.11 Thekelleys Dnsmasq 2.12 Thekelleys Dnsmasq 2.13 Thekelleys Dnsmasq 2.14 Thekelleys Dnsmasq 2.15 Thekelleys Dnsmasq 2.16 Thekelleys Dnsmasq 2.17 Thekelleys Dnsmasq 2.18 Thekelleys Dnsmasq 2.19 Thekelleys Dnsmasq 2.20 Thekelleys Dnsmasq 2.21 Thekelleys Dnsmasq 2.22 Thekelleys Dnsmasq 2.23 Thekelleys Dnsmasq 2.24 Thekelleys Dnsmasq 2.25 Thekelleys Dnsmasq 2.26 Thekelleys Dnsmasq 2.27 Thekelleys Dnsmasq 2.28 Thekelleys Dnsmasq 2.29 Thekelleys Dnsmasq 2.30 Thekelleys Dnsmasq 2.31 Thekelleys Dnsmasq 2.33 Thekelleys Dnsmasq 2.34 Thekelleys Dnsmasq 2.35 Thekelleys Dnsmasq 2.36 Thekelleys Dnsmasq 2.37 Thekelleys Dnsmasq 2.38 Thekelleys Dnsmasq 2.39 Thekelleys Dnsmasq 2.40 Thekelleys Dnsmasq 2.41 Thekelleys Dnsmasq 2.42 Thekelleys Dnsmasq 2.43 Thekelleys Dnsmasq 2.44 Thekelleys Dnsmasq 2.45 Thekelleys Dnsmasq 2.46 Thekelleys Dnsmasq 2.47 Thekelleys Dnsmasq 2.48 Thekelleys Dnsmasq 2.49 Thekelleys Dnsmasq 2.50 Thekelleys Dnsmasq 2.51 Thekelleys Dnsmasq 2.52 Thekelleys Dnsmasq 2.53 Thekelleys Dnsmasq 2.54 Thekelleys Dnsmasq 2.55 Thekelleys Dnsmasq 2.56 Thekelleys Dnsmasq 2.57 Thekelleys Dnsmasq 2.58 Thekelleys Dnsmasq 2.59 Thekelleys Dnsmasq 2.60 Thekelleys Dnsmasq 2.61 Thekelleys Dnsmasq 2.62 Thekelleys Dnsmasq 2.63 Thekelleys Dnsmasq 2.64 Thekelleys Dnsmasq 2.65 Thekelleys Dnsmasq 2.66 Thekelleys Dnsmasq 2.67 Thekelleys Dnsmasq 2.68 Thekelleys Dnsmasq 2.69 Thekelleys Dnsmasq 2.70 Thekelleys Dnsmasq 2.71 Thekelleys Dnsmasq 2.72 Thekelleys Dnsmasq 2.73 Thekelleys Dnsmasq 2.74 Thekelleys Dnsmasq 2.75 Thekelleys Dnsmasq 2.76 Thekelleys Dnsmasq 2.77 Thekelleys Dnsmasq 2.78 Thekelleys Dnsmasq 2.79 Thekelleys Dnsmasq 2.80 Thekelleys Dnsmasq 2.81 Thekelleys Dnsmasq 2.82 Thekelleys Dnsmasq 2.83 Thekelleys Dnsmasq 2.84	114
Application	Oracle Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.9.0	1
OS	Redhat Redhat Enterprise Linux 8.0	1
OS	Fedoraproject Fedoraproject Fedora 32 Fedoraproject Fedora 33 Fedoraproject Fedora 34	3

Vulnerabilities > CVE-2021-3448

Summary

Vulnerable Configurations

Related news

References

Vulnerabilities > CVE-2021-3448 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-3448"}]}

Summary

Vulnerable Configurations

Related news

References

Vulnerabilities > CVE-2021-3448