Lucene search

RedhatCVE-2019-10191

HistoryJul 16, 2019 - 6:15 p.m.

CVE-2019-10191

2019-07-1618:15:12

CWE-20

redhat

web.nvd.nist.gov

201

vulnerability

dns resolver

knot resolver

downgrade

dnssec

secure

insecure

domain hijack

attacks

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.2

Confidence

High

EPSS

0.007

Percentile

80.5%

JSON

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.

Affected configurations

Nvd

Vulners

Node

nicknot_resolverRange<4.1.0

Node

fedoraprojectfedoraMatch29

fedoraprojectfedoraMatch30

VendorProductVersionCPE
nicknot_resolver*cpe:2.3:a:nic:knot_resolver:*:*:*:*:*:*:*:*
fedoraprojectfedora29cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
fedoraprojectfedora30cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nic	knot_resolver	*	cpe:2.3:a:nic:knot_resolver::::::::
fedoraproject	fedora	29	cpe:2.3:o:fedoraproject:fedora:29:::::::*
fedoraproject	fedora	30	cpe:2.3:o:fedoraproject:fedora:30:::::::*

CNA Affected

[
  {
    "product": "knot-resolver",
    "vendor": "CZ.NIC",
    "versions": [
      {
        "status": "affected",
        "version": "all before 4.1.0"
      }
    ]
  }
]