VAR-202006-1508
Vulnerability from variot - Updated: 2023-12-18 10:54XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. ・ Abuse the full resolver as a stepping stone for reflection attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dns",
"scope": "lte",
"trust": 1.0,
"vendor": "xack",
"version": "1.10.8"
},
{
"model": "dns",
"scope": "gte",
"trust": 1.0,
"vendor": "xack",
"version": "1.8.0"
},
{
"model": "dns",
"scope": "gte",
"trust": 1.0,
"vendor": "xack",
"version": "1.11.0"
},
{
"model": "dns",
"scope": "lte",
"trust": 1.0,
"vendor": "xack",
"version": "1.7.18"
},
{
"model": "dns",
"scope": "lte",
"trust": 1.0,
"vendor": "xack",
"version": "1.11.4"
},
{
"model": "dns",
"scope": "gte",
"trust": 1.0,
"vendor": "xack",
"version": "1.10.0"
},
{
"model": "dns",
"scope": "lte",
"trust": 1.0,
"vendor": "xack",
"version": "1.8.23"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.10.0 \u304b\u3089 1.10.8"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.11.0 \u304b\u3089 1.11.4"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.7.0 \u304b\u3089 1.7.18"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.7.0 \u306e\u5168\u3066"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.8.0 \u304b\u3089 1.8.23"
},
{
"model": "dns",
"scope": "gte",
"trust": 0.6,
"vendor": "xack",
"version": "1.11.0,\u003c=1.11.4"
},
{
"model": "dns",
"scope": "gte",
"trust": 0.6,
"vendor": "xack",
"version": "1.10.0,\u003c=1.10.8"
},
{
"model": "dns",
"scope": "gte",
"trust": 0.6,
"vendor": "xack",
"version": "1.8.0,\u003c=1.8.23"
},
{
"model": "dns",
"scope": "gte",
"trust": 0.6,
"vendor": "xack",
"version": "1.7.0,\u003c=1.7.18"
},
{
"model": "dns",
"scope": "lt",
"trust": 0.6,
"vendor": "xack",
"version": "1.7.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35967"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "NVD",
"id": "CVE-2020-5591"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xack:xack_dns:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7.18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xack:xack_dns:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.8.23",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xack:xack_dns:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.10.8",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xack:xack_dns:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.11.4",
"versionStartIncluding": "1.11.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5591"
}
]
},
"cve": "CVE-2020-5591",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000036",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-35967",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000036",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5591",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-000036",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-35967",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-562",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35967"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "NVD",
"id": "CVE-2020-5591"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-562"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver\u0027s performance or compromising the recursive resolver as a reflector in a reflection attack. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. \u30fb Abuse the full resolver as a stepping stone for reflection attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5591"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "CNVD",
"id": "CNVD-2020-35967"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5591",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN40208370",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-35967",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-562",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35967"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "NVD",
"id": "CVE-2020-5591"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-562"
}
]
},
"id": "VAR-202006-1508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35967"
}
],
"trust": 1.01666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35967"
}
]
},
"last_update_date": "2023-12-18T10:54:45.413000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-8616 (NXNSAttack) \u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "https://xack.co.jp/info/?id=622"
},
{
"title": "Patch for XACK DNS Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/224363"
},
{
"title": "XACK DNS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121385"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35967"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-562"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-674",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "NVD",
"id": "CVE-2020-5591"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn40208370/index.html"
},
{
"trust": 1.6,
"url": "https://xack.co.jp/info/?id=622"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5591"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5591"
},
{
"trust": 0.8,
"url": "https://jprs.jp/tech/security/2020-05-20-bind9-vuln-processing-referrals.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn40208370/index.html"
},
{
"trust": 0.8,
"url": "http://www.nxnsattack.com/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000036.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35967"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "NVD",
"id": "CVE-2020-5591"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-562"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-35967"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "NVD",
"id": "CVE-2020-5591"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-562"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35967"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"date": "2020-06-05T18:15:14.293000",
"db": "NVD",
"id": "CVE-2020-5591"
},
{
"date": "2020-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-562"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35967"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"date": "2020-06-11T16:23:07.713000",
"db": "NVD",
"id": "CVE-2020-5591"
},
{
"date": "2020-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-562"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-562"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XACK DNS Service operation interruption in (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-562"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…