CVE-2017-15093 : When api-config-dir is set to a non-empty value, which is not the case by defaul

When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.

Published 2018-01-23 15:29:00

Updated 2019-10-09 23:24:12

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Input validation

Products affected by CVE-2017-15093

Powerdns » Recursor
Versions from including (>=) 3.0 and up to, including, (<=) 3.7.4
cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
Matching versions
Powerdns » Recursor
Versions from including (>=) 4.0.0 and up to, including, (<=) 4.0.6
cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2017-15093

Top countries where our scanners detected CVE-2017-15093

Top open port discovered on systems with this issue 53

IPs affected by CVE-2017-15093 864

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-15093!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-15093

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-15093

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.3	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N	1.6	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2017-15093

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2017-15093

http://www.securityfocus.com/bid/101982

PowerDNS Authoritative Server Module Multiple Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html

PowerDNS Security Advisory 2017-06: Configuration file injection in the API — PowerDNS Recursor documentation
Mitigation;Patch;Vendor Advisory