Multiple dnsmasq vulnerabilities in F5 F5OS

Published: 2021-03-31


Risk
Low
Patch available
NO
Number of vulnerabilities
3
CVE ID
CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
CWE ID
CWE-345, CWE-327
Exploitation vector
Network
Public exploit
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available.
Vulnerable software
F5OS (Operating systems & Components / Operating system)
Vendor
F5 Networks, Inc.

Security Advisory


3) Insufficient verification of data authenticity


Risk: Low


CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C]


CVE-ID: CVE-2020-25686


CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity


Exploit availability: Yes


Description

The vulnerability allows a remote attacker to compromise the target system.


The vulnerability exists because the affected software does not check for an existing pending request for the same name and forwards a new request. A remote attacker can perform a DNS cache poisoning attack.


Mitigation

Cybersecurity Help is currently unaware of any official solution to ..
