3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.01 Low
EPSS
Percentile
83.6%
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | bind9 | < 1:9.10.3.dfsg.P4-12.4 | bind9_1:9.10.3.dfsg.P4-12.4_all.deb |
Debian | 11 | all | bind9 | < 1:9.10.3.dfsg.P4-12.4 | bind9_1:9.10.3.dfsg.P4-12.4_all.deb |
Debian | 10 | all | bind9 | < 1:9.10.3.dfsg.P4-12.4 | bind9_1:9.10.3.dfsg.P4-12.4_all.deb |
Debian | 999 | all | bind9 | < 1:9.10.3.dfsg.P4-12.4 | bind9_1:9.10.3.dfsg.P4-12.4_all.deb |
Debian | 13 | all | bind9 | < 1:9.10.3.dfsg.P4-12.4 | bind9_1:9.10.3.dfsg.P4-12.4_all.deb |
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.01 Low
EPSS
Percentile
83.6%