Vulnerability Details : CVE-2020-10995
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.
Products affected by CVE-2020-10995
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
Threat overview for CVE-2020-10995
Top countries where our scanners detected CVE-2020-10995
Top open port discovered on systems with this issue
53
IPs affected by CVE-2020-10995 2,336
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2020-10995!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2020-10995
0.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-10995
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2020-10995
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-10995
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/
[SECURITY] Fedora 31 Update: pdns-recursor-4.2.2-1.fc31 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4691
Debian -- Security Information -- DSA-4691-1 pdns-recursorThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF/
[SECURITY] Fedora 32 Update: pdns-recursor-4.3.1-1.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://www.nxnsattack.com
NXNSAttackTechnical Description;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html
[security-announce] openSUSE-SU-2020:0698-1: moderate: Security update fMailing List;Third Party Advisory
-
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
PowerDNS Security Advisory 2020-01: Denial of Service — PowerDNS Recursor documentationVendor Advisory
Jump to