Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Network

0

CVE-2020-8624

Disclosure Date: August 21, 2020 •

CVE-2020-8624 CVSS v3 Base Score: 4.3

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In BIND 9.9.12 –> 9.9.13, 9.10.7 –> 9.10.8, 9.11.3 –> 9.11.21, 9.12.1 –> 9.16.5, 9.17.0 –> 9.17.3, also affects 9.9.12-S1 –> 9.9.13-S1, 9.11.3-S1 –> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone’s content could abuse these unintended additional privileges to update other contents of the zone.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

4.3 Medium

Impact Score:

1.4

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

Low

Availability (A):

None

Vendors

canonical,
debian,
fedoraproject,
isc,
netapp,
opensuse

Products

bind,
bind 9.11.21,
bind 9.11.3,
bind 9.9.12,
bind 9.9.13,
debian linux 10.0,
fedora 31,
fedora 32,
leap 15.1,
leap 15.2,
steelstore cloud integrated storage -,
ubuntu linux 16.04,
ubuntu linux 18.04,
ubuntu linux 20.04

References

Canonical

CVE-2020-8624 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624)

Advisory

https://kb.isc.org/docs/cve-2020-8624

FEDORA-2020-a02b7a0f21 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE)

https://security.netapp.com/advisory/ntap-20200827-0003

USN-4468-1 (https://usn.ubuntu.com/4468-1)

DSA-4752 (https://www.debian.org/security/2020/dsa-4752)

FEDORA-2020-14c194e5af (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP)

GLSA-202008-19 (https://security.gentoo.org/glsa/202008-19)

https://www.synology.com/security/advisory/Synology_SA_20_19

FEDORA-2020-a02b7a0f21 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/)

https://security.netapp.com/advisory/ntap-20200827-0003/

USN-4468-1 (https://usn.ubuntu.com/4468-1/)

FEDORA-2020-14c194e5af (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/)

openSUSE-SU-2020:1699 (http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html)

openSUSE-SU-2020:1701 (http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html)

Rapid7

Technical Analysis