Lucene search

[email protected]CVE-2021-25220

HistoryMar 23, 2022 - 1:15 p.m.

CVE-2021-25220

2022-03-2313:15:07

CWE-444

[email protected]

web.nvd.nist.gov

545

cve

2021

25220

bind

security

vulnerability

nvd

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.6%

JSON

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

Affected configurations

NVD

Node

iscbindRange9.11.0–9.11.37-

iscbindRange9.11.4–9.11.37supported_preview

iscbindRange9.12.0–9.16.27-

iscbindRange9.16.8–9.16.27supported_preview

iscbindRange9.17.0–9.18.0-

Node

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph300e_firmwareMatch-

AND

netapph300eMatch-

Node

netapph500e_firmwareMatch-

AND

netapph500eMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

Node

siemenssinec_insRange<1.0

siemenssinec_insMatch1.0-

siemenssinec_insMatch1.0sp1

Node

juniperjunosRange<19.3

juniperjunosMatch19.3-

juniperjunosMatch19.3r1-s1

juniperjunosMatch19.3r2

juniperjunosMatch19.3r2-s1

juniperjunosMatch19.3r2-s2

juniperjunosMatch19.3r2-s3

juniperjunosMatch19.3r2-s4

juniperjunosMatch19.3r2-s5

juniperjunosMatch19.3r2-s6

juniperjunosMatch19.3r2-s7

juniperjunosMatch19.3r3

juniperjunosMatch19.3r3-s1

juniperjunosMatch19.3r3-s2

juniperjunosMatch19.3r3-s3

juniperjunosMatch19.3r3-s4

juniperjunosMatch19.3r3-s5

juniperjunosMatch19.3r3-s6

juniperjunosMatch19.4-

juniperjunosMatch19.4r1

juniperjunosMatch19.4r1-s1

juniperjunosMatch19.4r1-s2

juniperjunosMatch19.4r1-s3

juniperjunosMatch19.4r1-s4

juniperjunosMatch19.4r2

juniperjunosMatch19.4r2-s1

juniperjunosMatch19.4r2-s2

juniperjunosMatch19.4r2-s3

juniperjunosMatch19.4r2-s4

juniperjunosMatch19.4r2-s5

juniperjunosMatch19.4r2-s6

juniperjunosMatch19.4r2-s7

juniperjunosMatch19.4r3

juniperjunosMatch19.4r3-s1

juniperjunosMatch19.4r3-s2

juniperjunosMatch19.4r3-s3

juniperjunosMatch19.4r3-s4

juniperjunosMatch19.4r3-s5

juniperjunosMatch19.4r3-s6

juniperjunosMatch19.4r3-s7

juniperjunosMatch19.4r3-s8

juniperjunosMatch20.2-

juniperjunosMatch20.2r1

juniperjunosMatch20.2r1-s1

juniperjunosMatch20.2r1-s2

juniperjunosMatch20.2r1-s3

juniperjunosMatch20.2r2

juniperjunosMatch20.2r2-s1

juniperjunosMatch20.2r2-s2

juniperjunosMatch20.2r2-s3

juniperjunosMatch20.2r3

juniperjunosMatch20.2r3-s1

juniperjunosMatch20.2r3-s2

juniperjunosMatch20.2r3-s3

juniperjunosMatch20.2r3-s4

juniperjunosMatch20.3-

juniperjunosMatch20.3r1

juniperjunosMatch20.3r1-s1

juniperjunosMatch20.3r1-s2

juniperjunosMatch20.3r2

juniperjunosMatch20.3r2-s1

juniperjunosMatch20.3r3

juniperjunosMatch20.3r3-s1

juniperjunosMatch20.3r3-s2

juniperjunosMatch20.3r3-s3

juniperjunosMatch20.3r3-s4

juniperjunosMatch20.4-

juniperjunosMatch20.4r1

juniperjunosMatch20.4r1-s1

juniperjunosMatch20.4r2

juniperjunosMatch20.4r2-s1

juniperjunosMatch20.4r2-s2

juniperjunosMatch20.4r3

juniperjunosMatch20.4r3-s1

juniperjunosMatch20.4r3-s2

juniperjunosMatch20.4r3-s3

juniperjunosMatch20.4r3-s4

juniperjunosMatch21.1-

juniperjunosMatch21.1r1

juniperjunosMatch21.1r1-s1

juniperjunosMatch21.1r2

juniperjunosMatch21.1r2-s1

juniperjunosMatch21.1r2-s2

juniperjunosMatch21.1r3

juniperjunosMatch21.1r3-s1

juniperjunosMatch21.1r3-s2

juniperjunosMatch21.2-

juniperjunosMatch21.2r1

juniperjunosMatch21.2r1-s1

juniperjunosMatch21.2r1-s2

juniperjunosMatch21.2r2

juniperjunosMatch21.2r2-s1

juniperjunosMatch21.2r2-s2

juniperjunosMatch21.2r3

juniperjunosMatch21.2r3-s1

juniperjunosMatch21.3-

juniperjunosMatch21.3r1

juniperjunosMatch21.3r1-s1

juniperjunosMatch21.3r1-s2

juniperjunosMatch21.3r2

juniperjunosMatch21.3r2-s1

juniperjunosMatch21.3r2-s2

juniperjunosMatch21.3r3

juniperjunosMatch21.4-

juniperjunosMatch21.4r1

juniperjunosMatch21.4r1-s1

juniperjunosMatch21.4r1-s2

juniperjunosMatch21.4r2

juniperjunosMatch22.1r1

juniperjunosMatch22.1r1-s1

juniperjunosMatch22.2r1

AND

junipersrx100Match-

junipersrx110Match-

junipersrx1400Match-

junipersrx1500Match-

junipersrx210Match-

junipersrx220Match-

junipersrx240Match-

junipersrx240h2Match-

junipersrx240mMatch-

junipersrx300Match-

junipersrx320Match-

junipersrx340Match-

junipersrx3400Match-

junipersrx345Match-

junipersrx3600Match-

junipersrx380Match-

junipersrx4000Match-

junipersrx4100Match-

junipersrx4200Match-

junipersrx4600Match-

junipersrx5000Match-

junipersrx5400Match-

junipersrx550Match-

junipersrx550_hmMatch-

junipersrx550mMatch-

junipersrx5600Match-

junipersrx5800Match-

junipersrx650Match-

CPENameOperatorVersion
isc:bindisc bindlt9.11.37
isc:bindisc bindlt9.16.27
isc:bindisc bindle9.18.0

CPE	Name	Operator	Version
isc:bind	isc bind	lt	9.11.37
isc:bind	isc bind	lt	9.16.27
isc:bind	isc bind	le	9.18.0

CNA Affected

[
  {
    "vendor": "ISC",
    "product": "BIND",
    "versions": [
      {
        "version": "Open Source Branch 9.11  9.11.0 through versions before 9.11.37",
        "status": "affected"
      },
      {
        "version": "Development Branch 9.17  BIND 9.17 all version",
        "status": "affected"
      },
      {
        "version": "Open Source Branch 9.12-16  9.12.0 through versions before 9.16.27",
        "status": "affected"
      },
      {
        "version": "Open Source Branch 9.18 9.18.0",
        "status": "affected"
      },
      {
        "version": "Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S",
        "status": "affected"
      },
      {
        "version": "Supported Preview Branch 9.16-S  9.16.0-S through versions before 9.16.27-S",
        "status": "affected"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

kb.isc.org/v1/docs/cve-2021-25220

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/

security.gentoo.org/glsa/202210-25

security.netapp.com/advisory/ntap-20220408-0001/

supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US