Vulnerability Details : CVE-2020-12662
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Products affected by CVE-2020-12662
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*
Threat overview for CVE-2020-12662
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2020-12662: 12,315
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2020-12662
- 0.77%: probability of exploitation activity in the next 30 days
- ~ 81%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-12662
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2020-12662
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-12662
- https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
  Vendor Advisory
- http://www.openwall.com/lists/oss-security/2020/05/19/5
  oss-security - Unbound - CVE-2020-12662, CVE-2020-12663 (Mailing List; Patch; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/
  [SECURITY] Fedora 32 Update: unbound-1.10.1-1.fc32 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- http://www.nxnsattack.com
  NXNSAttack (Technical Description)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/
  [SECURITY] Fedora 31 Update: unbound-1.10.1-1.fc31 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html
  [security-announce] openSUSE-SU-2020:0912-1: important: Security update (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html
  [SECURITY] [DLA 2556-1] unbound1.9 security update (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/4374-1/
  USN-4374-1: Unbound vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc
  Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html
  [security-announce] openSUSE-SU-2020:0913-1: important: Security update (Mailing List; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20200702-0006/
  CVE-2020-12662 Unbound Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://www.debian.org/security/2020/dsa-4694
  Debian -- Security Information -- DSA-4694-1 unbound (Third Party Advisory)
- https://www.synology.com/security/advisory/Synology_SA_20_12
  Synology Inc. (Third Party Advisory)