7.5
CVE-2017-10874
- EPSS 0.62%
- Veröffentlicht 01.12.2017 14:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle vultures@jpcert.or.jp
- Teams Watchlist Login
- Unerledigt Login
PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ntt-east ≫ Pwr-q200 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.676 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.