CVE-2023-28457

Sept. 20, 2024, 12:30 p.m.

7.5
High

Description

An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful.

Product(s) Impacted

Product Versions
Technitium
  • up to 11.0.3

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

https://gist.github.com/idealeer/89947ca07836fd0f7e9761198ca9a0f3
https://technitium.com/dns/

Tags

cve@mitre.org
CWE-345
2024-09-18
CVE-2023-28457

CVSS Score

7.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    View Vector String

Timeline

Published: Sept. 18, 2024, 3:15 p.m.
Last Modified: Sept. 20, 2024, 12:30 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.