CVE-2020-14312

EPSS 0.11%
Published 06.02.2021 00:15:12
Last modified 21.11.2024 05:02:59
Source secalert@redhat.com
CVE-Watchlists
Login
Open
Login

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Version < 31

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.304

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://bugzilla.redhat.com/show_bug.cgi?id=1851342

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-14312

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14312

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14312

EUVD