Vulnerability Name:

CVE-2020-14312 (CCN-185375)

Assigned:2020-07-16
Published:2020-07-16
Updated:2022-07-25
Summary:A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.
CVSS v3 Severity:5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-14312

Source: CCN
Type: dnsmasq Web site
dnsmasq

Source: CCN
Type: Red Hat Bugzilla – Bug 1851342
(CVE-2020-14312) - CVE-2020-14312 dnsmasq: insecure default configuration makes it an open resolver

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1851342

Source: XF
Type: UNKNOWN
dnsmasq-cve202014312-dos(185375)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:fedoraproject:fedora:*:*:*:*:*:*:*:* (Version < 31)

  • Configuration CCN 1:
  • cpe:/a:thekelleys:dnsmasq:2.80:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7484
    P
    dnsmasq-2.86-150400.14.3 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:799
    P
    Security update for python (Moderate)
    2022-10-04
    oval:org.opensuse.security:def:3700
    P
    Security update for xorg-x11-server (Important)
    2022-07-12
    oval:org.opensuse.security:def:3514
    P
    gstreamer-plugins-base-1.8.3-13.3.2 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94539
    P
    dnsmasq-2.86-150400.14.3 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94626
    P
    libbrotli-devel-1.0.7-3.3.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2909
    P
    dnsmasq-2.86-150400.14.3 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95422
    P
    Security update for MozillaThunderbird (Important)
    2022-05-17
    oval:org.opensuse.security:def:99752
    P
    (Moderate)
    2022-03-04
    oval:org.opensuse.security:def:100063
    P
    (Moderate)
    2022-01-20
    oval:org.opensuse.security:def:112161
    P
    dnsmasq-2.86-3.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:99159
    P
    (Important)
    2021-11-10
    oval:org.opensuse.security:def:111114
    P
    Security update for dnsmasq (Moderate)
    2021-10-31
    oval:org.opensuse.security:def:73911
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:6213
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:106442
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:92209
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:64789
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:9803
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:105849
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:69943
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:76031
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:8853
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:106729
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:99354
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:111766
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:92404
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:66963
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:10354
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:117519
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:101339
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:106044
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:70494
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:76370
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:9048
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:42135
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:108005
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:99553
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:92603
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:67302
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:73725
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:5874
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:102135
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:106243
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:98964
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:92014
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:64603
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:9604
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:42233
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:108801
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:105654
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:92802
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:69744
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    BACK
    fedoraproject fedora *
    thekelleys dnsmasq 2.80