Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2020-8623

Disclosure Date: August 21, 2020 •

CVE-2020-8623 CVSS v3 Base Score: 7.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In BIND 9.10.0 –> 9.11.21, 9.12.0 –> 9.16.5, 9.17.0 –> 9.17.3, also affects 9.10.5-S1 –> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with “—enable-native-pkcs11” * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.5 High

Impact Score:

3.6

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

canonical,
debian,
fedoraproject,
isc,
netapp,
opensuse,
synology

Products

bind,
bind 9.10.5,
bind 9.11.21,
debian linux 10.0,
debian linux 9.0,
dns server,
fedora 31,
fedora 32,
leap 15.1,
leap 15.2,
steelstore cloud integrated storage -,
ubuntu linux 16.04,
ubuntu linux 18.04,
ubuntu linux 20.04

References

Canonical

CVE-2020-8623 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623)

Advisory

https://kb.isc.org/docs/cve-2020-8623

FEDORA-2020-a02b7a0f21 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE)

https://security.netapp.com/advisory/ntap-20200827-0003

USN-4468-1 (https://usn.ubuntu.com/4468-1)

DSA-4752 (https://www.debian.org/security/2020/dsa-4752)

FEDORA-2020-14c194e5af (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP)

[debian-lts-announce] 20200829 [SECURITY] [DLA 2355-1] bind9 security update (https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html)

GLSA-202008-19 (https://security.gentoo.org/glsa/202008-19)

https://www.synology.com/security/advisory/Synology_SA_20_19

FEDORA-2020-a02b7a0f21 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/)

https://security.netapp.com/advisory/ntap-20200827-0003/

USN-4468-1 (https://usn.ubuntu.com/4468-1/)

FEDORA-2020-14c194e5af (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/)

openSUSE-SU-2020:1699 (http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html)

openSUSE-SU-2020:1701 (http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html)

Rapid7

Technical Analysis