Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2020-8617 | First vendor Publication | 2020-05-19 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 5.9 | ||
| Base Score | 5.9 | Environmental Score | 5.9 |
| impact SubScore | 3.6 | Temporal Score | 5.9 |
| Exploitabality Sub Score | 2.2 | ||
| Attack Vector | Network | Attack Complexity | High |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | None |
| Integrity Impact | None | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-617 | Reachable Assertion |
CPE : Common Platform Enumeration
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-09-02 | BIND DNS server TSIG denial of service attempt RuleID : 54630 - Revision : 1 - Type : PROTOCOL-DNS |
Metasploit Database
| id | Description |
|---|---|
| 2020-05-19 | BIND TSIG Badtime Query Denial of Service |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 13:48:45 |
|
| 2024-10-23 02:20:14 |
|
| 2024-08-02 13:19:07 |
|
| 2024-08-02 01:23:29 |
|
| 2024-02-02 02:19:42 |
|
| 2024-02-01 12:21:57 |
|
| 2023-12-01 02:09:30 |
|
| 2023-11-07 21:37:22 |
|
| 2023-09-23 02:06:41 |
|
| 2023-09-05 13:14:01 |
|
| 2023-09-05 01:21:32 |
|
| 2023-09-02 13:12:48 |
|
| 2023-09-02 01:21:50 |
|
| 2023-08-22 13:05:08 |
|
| 2023-03-28 12:21:16 |
|
| 2022-10-11 01:20:49 |
|
| 2022-09-09 21:27:36 |
|
| 2021-11-04 01:43:42 |
|
| 2021-08-28 01:41:27 |
|
| 2021-05-08 12:37:35 |
|
| 2021-05-04 14:06:14 |
|
| 2021-04-22 03:11:10 |
|
| 2021-03-27 01:36:18 |
|
| 2020-12-10 12:31:03 |
|
| 2020-12-10 01:31:20 |
|
| 2020-10-21 01:30:16 |
|
| 2020-10-21 01:29:47 |
|
| 2020-10-20 17:23:00 |
|
| 2020-10-20 09:23:00 |
|
| 2020-09-03 01:31:14 |
|
| 2020-09-02 21:23:05 |
|
| 2020-06-04 12:25:53 |
|
| 2020-06-01 12:27:12 |
|
| 2020-05-31 05:22:46 |
|
| 2020-05-29 09:22:50 |
|
| 2020-05-28 05:22:54 |
|
| 2020-05-28 00:22:53 |
|
| 2020-05-26 21:22:50 |
|
| 2020-05-23 02:41:46 |
|
| 2020-05-23 02:40:53 |
|
