### [CVE-2021-3448](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3448)
![](https://img.shields.io/static/v1?label=Product&message=dnsmasq&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=dnsmasq%202.85%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-358&color=brightgreen)

### Description

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpujan2022.html

#### Github
- https://github.com/criminalip/CIP-NSE-Script
- https://github.com/n0-traces/cve_monitor