Vulnerability Details : CVE-2021-32575
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
Exploit prediction scoring system (EPSS) score for CVE-2021-32575
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 %
CVSS scores for CVE-2021-32575
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.3 | LOW | AV:A/AC:L/Au:N/C:N/I:P/A:N | 6.5 | 2.9 | NIST |
6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST |
References for CVE-2021-32575
- https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
  HCSEC-2021-14 - Nomad Bridge Networking Mode Allows ARP Spoofing From Other Bridged Tasks On Same Node - Security - HashiCorp Discuss (Patch; Vendor Advisory)
- https://www.hashicorp.com/blog/category/nomad
  HashiCorp Blog (Product)
Products affected by CVE-2021-32575
- cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*
- cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*