Lucene search

[email protected]NVD:CVE-2020-24377

HistorySep 16, 2020 - 8:15 p.m.

CVE-2020-24377

2020-09-1620:15:14

CWE-20

[email protected]

web.nvd.nist.gov

dns rebinding

freebox os

web interface

freebox server

cve-2020-24377

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.003

Percentile

66.1%

JSON

A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3.

Affected configurations

Nvd

Node

freefreebox_revolution_firmwareRange<4.2.3

AND

freefreebox_revolutionMatch-

Node

freefreebox_mini_firmwareRange<4.2.3

AND

freefreebox_miniMatch-

Node

freefreebox_one_firmwareRange<4.2.3

AND

freefreebox_oneMatch-

Node

freefreebox_delta_firmwareRange<4.2.3

AND

freefreebox_deltaMatch-

Node

freefreebox_pop_firmwareRange<4.2.3

AND

freefreebox_popMatch-

VendorProductVersionCPE
freefreebox_revolution_firmware*cpe:2.3:o:free:freebox_revolution_firmware:*:*:*:*:*:*:*:*
freefreebox_revolution-cpe:2.3:h:free:freebox_revolution:-:*:*:*:*:*:*:*
freefreebox_mini_firmware*cpe:2.3:o:free:freebox_mini_firmware:*:*:*:*:*:*:*:*
freefreebox_mini-cpe:2.3:h:free:freebox_mini:-:*:*:*:*:*:*:*
freefreebox_one_firmware*cpe:2.3:o:free:freebox_one_firmware:*:*:*:*:*:*:*:*
freefreebox_one-cpe:2.3:h:free:freebox_one:-:*:*:*:*:*:*:*
freefreebox_delta_firmware*cpe:2.3:o:free:freebox_delta_firmware:*:*:*:*:*:*:*:*
freefreebox_delta-cpe:2.3:h:free:freebox_delta:-:*:*:*:*:*:*:*
freefreebox_pop_firmware*cpe:2.3:o:free:freebox_pop_firmware:*:*:*:*:*:*:*:*
freefreebox_pop-cpe:2.3:h:free:freebox_pop:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
free	freebox_revolution_firmware	*	cpe:2.3:o:free:freebox_revolution_firmware::::::::
free	freebox_revolution	-	cpe:2.3:h:free:freebox_revolution:-:::::::*
free	freebox_mini_firmware	*	cpe:2.3:o:free:freebox_mini_firmware::::::::
free	freebox_mini	-	cpe:2.3:h:free:freebox_mini:-:::::::*
free	freebox_one_firmware	*	cpe:2.3:o:free:freebox_one_firmware::::::::
free	freebox_one	-	cpe:2.3:h:free:freebox_one:-:::::::*
free	freebox_delta_firmware	*	cpe:2.3:o:free:freebox_delta_firmware::::::::
free	freebox_delta	-	cpe:2.3:h:free:freebox_delta:-:::::::*
free	freebox_pop_firmware	*	cpe:2.3:o:free:freebox_pop_firmware::::::::
free	freebox_pop	-	cpe:2.3:h:free:freebox_pop:-:::::::*

References

dev.freebox.fr/blog/?p=10222

www.gabriel.urdhr.fr/2020/09/23/dns-rebinding-freebox/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.003

Percentile

66.1%

JSON

Related for NVD:CVE-2020-24377

cve1 cvelist1 prion1