Описание
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific request). Data is predictable because it is based on the time of day, and has too few bits.
Ссылки
- MitigationThird Party Advisory
- Third Party AdvisoryUS Government Resource
- MitigationThird Party Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific request). Data is predictable because it is based on the time of day, and has too few bits.
Уязвимость DNS-клиента стеков TCP/IP NicheLite и InterNiche, позволяющая нарушителю проводить спуфинг-атаки
EPSS
7.5 High
CVSS3
5 Medium
CVSS2