Lucene search

[email protected]CVE-2020-17470

HistoryDec 11, 2020 - 11:15 p.m.

CVE-2020-17470

2020-12-1123:15:00

CWE-330

[email protected]

web.nvd.nist.gov

fnet

cve-2020-17470

dns client

security vulnerability

cache poisoning attack

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

9.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

32.6%

JSON

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.

CPENameOperatorVersion
butok:fnetbutok fnetle4.6.4

CPE	Name	Operator	Version
butok:fnet	butok fnet	le	4.6.4

References

fnet.sourceforge.net/manual/fnet_history.html

us-cert.cisa.gov/ics/advisories/icsa-20-343-01

www.kb.cert.org/vuls/id/815128

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

9.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

32.6%

JSON

Related for CVE-2020-17470

osv1 prion1 cert1 ics1