Attacker Value
Unknown
CVE-2024-1488
CVE-2024-1488
(Last updated January 30, 2025) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
7.3 High
Impact Score:
5.5
Exploitability Score:
1.8
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
High
Availability (A):
High
General Information
Vendors
Products
- codeready linux builder 9.0,
- codeready linux builder eus 9.2,
- codeready linux builder eus 9.4,
- codeready linux builder eus for power little endian 9.0 ppc64le,
- codeready linux builder eus for power little endian 9.2 ppc64le,
- codeready linux builder for arm64 9.0 aarch64,
- codeready linux builder for arm64 9.2 aarch64,
- codeready linux builder for arm64 eus 9.4 aarch64,
- codeready linux builder for ibm z systems 9.0 s390x,
- codeready linux builder for ibm z systems 9.2 s390x,
- codeready linux builder for ibm z systems eus 9.4 s390x,
- enterprise linux 8.0,
- enterprise linux 9.0,
- enterprise linux eus 8.6,
- enterprise linux eus 8.8,
- enterprise linux eus 9.2,
- enterprise linux eus 9.4,
- enterprise linux for arm 64 8.0 aarch64,
- enterprise linux for arm 64 9.0 aarch64,
- enterprise linux for arm 64 9.2 aarch64,
- enterprise linux for arm 64 eus 8.6 aarch64,
- enterprise linux for arm 64 eus 8.8 aarch64,
- enterprise linux for arm 64 eus 9.4 aarch64,
- enterprise linux for ibm z systems 8.0 s390x,
- enterprise linux for ibm z systems 9.0 s390x,
- enterprise linux for ibm z systems 9.2 s390x,
- enterprise linux for ibm z systems eus 8.6 s390x,
- enterprise linux for ibm z systems eus 8.8 s390x,
- enterprise linux for ibm z systems eus 9.4 s390x,
- enterprise linux for power little endian 8.0 ppc64le,
- enterprise linux for power little endian 9.0 ppc64le,
- enterprise linux for power little endian 9.2 ppc64le,
- enterprise linux for power little endian eus 8.6 ppc64le,
- enterprise linux for power little endian eus 8.8 ppc64le,
- enterprise linux for power little endian eus 9.4 ppc64le,
- enterprise linux server aus 8.2,
- enterprise linux server aus 8.4,
- enterprise linux server aus 8.6,
- enterprise linux server aus 9.2,
- enterprise linux server aus 9.4,
- enterprise linux server for power little endian update services for sap solutions 8.2 ppc64le,
- enterprise linux server for power little endian update services for sap solutions 8.4 ppc64le,
- enterprise linux server for power little endian update services for sap solutions 8.6 ppc64le,
- enterprise linux server for power little endian update services for sap solutions 8.8 ppc64le,
- enterprise linux server for power little endian update services for sap solutions 9.2 ppc64le,
- enterprise linux server for power little endian update services for sap solutions 9.4 ppc64le,
- enterprise linux server tus 8.2,
- enterprise linux server tus 8.4,
- enterprise linux server tus 8.6,
- enterprise linux server tus 8.8,
- unbound
References
Miscellaneous
