CVE-2022-3080 : By sending specific queries to the resolver, an attacker can cause named to cras

Products affected by CVE-2022-3080

ISC » Bind »
Versions from including (>=) 9.16.14 and before (<) 9.16.33
cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
Matching versions
ISC » Bind »
Versions from including (>=) 9.19.0 and before (<) 9.19.5
cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
Matching versions
ISC » Bind »
Versions from including (>=) 9.18.0 and before (<) 9.18.7
cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
Matching versions
ISC » Bind » Version: 9.16.21 Update S1 Supported Preview Edition
cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*
Matching versions
ISC » Bind » Version: 9.16.32 Update S1 Supported Preview Edition
cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*
Matching versions
ISC » Bind » Version: 9.16.14 Update S1 Supported Preview Edition
cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 36
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 37
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2022-3080

Top countries where our scanners detected CVE-2022-3080

Top open port discovered on systems with this issue 53

IPs affected by CVE-2022-3080 94,280

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2022-3080!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2022-3080

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 23 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-3080

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	Internet Systems Consortium (ISC)
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-3080

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)
CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2022-3080