CVE-2021-25220 - OpenCVE

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Isc	Bind
Juniper	Junos Srx100 Srx110 Srx1400 Srx1500 Srx210 Srx220 Srx240 Srx240h2 Srx240m Srx300 Srx320 Srx340 Srx3400 Srx345 Srx3600 Srx380 Srx4000 Srx4100 Srx4200 Srx4600 Srx5000 Srx5400 Srx550 Srx550 Hm Srx550m Srx5600 Srx5800 Srx650
Netapp	H300e H300e Firmware H300s H300s Firmware H410c H410c Firmware H410s H410s Firmware H500e H500e Firmware H500s H500s Firmware H700e H700e Firmware H700s H700s Firmware
Redhat	Enterprise Linux Rhel Eus
Siemens	Sinec Ins

Configuration 1 [-]

OR	cpe:2.3:a:isc:bind:::::-:::*
	cpe:2.3:a:isc:bind:::::supported_preview:::*
	cpe:2.3:a:isc:bind:::::-:::*
	cpe:2.3:a:isc:bind:::::supported_preview:::*
	cpe:2.3:a:isc:bind:::::-:::*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 11 [-]

OR	cpe:2.3:a:siemens:sinec_ins::::::::
	cpe:2.3:a:siemens:sinec_ins:1.0:-::::::
	cpe:2.3:a:siemens:sinec_ins:1.0:sp1::::::

Configuration 12 [-]

AND

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:19.3:-::::::
	cpe:2.3:o:juniper:junos:19.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:19.3:r2::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s2::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s3::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s4::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s5::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s6::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s7::::::
	cpe:2.3:o:juniper:junos:19.3:r3::::::
	cpe:2.3:o:juniper:junos:19.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:19.3:r3-s2::::::
	cpe:2.3:o:juniper:junos:19.3:r3-s3::::::
	cpe:2.3:o:juniper:junos:19.3:r3-s4::::::
	cpe:2.3:o:juniper:junos:19.3:r3-s5::::::
	cpe:2.3:o:juniper:junos:19.3:r3-s6::::::
	cpe:2.3:o:juniper:junos:19.4:-::::::
	cpe:2.3:o:juniper:junos:19.4:r1::::::
	cpe:2.3:o:juniper:junos:19.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:19.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:19.4:r1-s3::::::
	cpe:2.3:o:juniper:junos:19.4:r1-s4::::::
	cpe:2.3:o:juniper:junos:19.4:r2::::::
	cpe:2.3:o:juniper:junos:19.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:19.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:19.4:r2-s3::::::
	cpe:2.3:o:juniper:junos:19.4:r2-s4::::::
	cpe:2.3:o:juniper:junos:19.4:r2-s5::::::
	cpe:2.3:o:juniper:junos:19.4:r2-s6::::::
	cpe:2.3:o:juniper:junos:19.4:r2-s7::::::
	cpe:2.3:o:juniper:junos:19.4:r3::::::
	cpe:2.3:o:juniper:junos:19.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:19.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:19.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:19.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:19.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:19.4:r3-s6::::::
	cpe:2.3:o:juniper:junos:19.4:r3-s7::::::
	cpe:2.3:o:juniper:junos:19.4:r3-s8::::::
	cpe:2.3:o:juniper:junos:20.2:-::::::
	cpe:2.3:o:juniper:junos:20.2:r1::::::
	cpe:2.3:o:juniper:junos:20.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:20.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:20.2:r1-s3::::::
	cpe:2.3:o:juniper:junos:20.2:r2::::::
	cpe:2.3:o:juniper:junos:20.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:20.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:20.2:r2-s3::::::
	cpe:2.3:o:juniper:junos:20.2:r3::::::
	cpe:2.3:o:juniper:junos:20.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:20.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:20.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:20.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:20.3:-::::::
	cpe:2.3:o:juniper:junos:20.3:r1::::::
	cpe:2.3:o:juniper:junos:20.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:20.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:20.3:r2::::::
	cpe:2.3:o:juniper:junos:20.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:20.3:r3::::::
	cpe:2.3:o:juniper:junos:20.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:20.3:r3-s2::::::
cpe:2.3:o:juniper:junos:20.3:r3-s3::::::
cpe:2.3:o:juniper:junos:20.3:r3-s4::::::
cpe:2.3:o:juniper:junos:20.4:-::::::
cpe:2.3:o:juniper:junos:20.4:r1::::::
cpe:2.3:o:juniper:junos:20.4:r1-s1::::::
cpe:2.3:o:juniper:junos:20.4:r2::::::
cpe:2.3:o:juniper:junos:20.4:r2-s1::::::
cpe:2.3:o:juniper:junos:20.4:r2-s2::::::
cpe:2.3:o:juniper:junos:20.4:r3::::::
cpe:2.3:o:juniper:junos:20.4:r3-s1::::::
cpe:2.3:o:juniper:junos:20.4:r3-s2::::::
cpe:2.3:o:juniper:junos:20.4:r3-s3::::::
cpe:2.3:o:juniper:junos:20.4:r3-s4::::::
cpe:2.3:o:juniper:junos:21.1:-::::::
cpe:2.3:o:juniper:junos:21.1:r1::::::
cpe:2.3:o:juniper:junos:21.1:r1-s1::::::
cpe:2.3:o:juniper:junos:21.1:r2::::::
cpe:2.3:o:juniper:junos:21.1:r2-s1::::::
cpe:2.3:o:juniper:junos:21.1:r2-s2::::::
cpe:2.3:o:juniper:junos:21.1:r3::::::
cpe:2.3:o:juniper:junos:21.1:r3-s1::::::
cpe:2.3:o:juniper:junos:21.1:r3-s2::::::
cpe:2.3:o:juniper:junos:21.2:-::::::
cpe:2.3:o:juniper:junos:21.2:r1::::::
cpe:2.3:o:juniper:junos:21.2:r1-s1::::::
cpe:2.3:o:juniper:junos:21.2:r1-s2::::::
cpe:2.3:o:juniper:junos:21.2:r2::::::
cpe:2.3:o:juniper:junos:21.2:r2-s1::::::
cpe:2.3:o:juniper:junos:21.2:r2-s2::::::
cpe:2.3:o:juniper:junos:21.2:r3::::::
cpe:2.3:o:juniper:junos:21.2:r3-s1::::::
cpe:2.3:o:juniper:junos:21.3:-::::::
cpe:2.3:o:juniper:junos:21.3:r1::::::
cpe:2.3:o:juniper:junos:21.3:r1-s1::::::
cpe:2.3:o:juniper:junos:21.3:r1-s2::::::
cpe:2.3:o:juniper:junos:21.3:r2::::::
cpe:2.3:o:juniper:junos:21.3:r2-s1::::::
cpe:2.3:o:juniper:junos:21.3:r2-s2::::::
cpe:2.3:o:juniper:junos:21.3:r3::::::
cpe:2.3:o:juniper:junos:21.4:-::::::
cpe:2.3:o:juniper:junos:21.4:r1::::::
cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
cpe:2.3:o:juniper:junos:21.4:r2::::::
cpe:2.3:o:juniper:junos:22.1:r1::::::
cpe:2.3:o:juniper:junos:22.1:r1-s1::::::
cpe:2.3:o:juniper:junos:22.2:r1::::::

OR	cpe:2.3:h:juniper:srx100:-:::::::*
	cpe:2.3:h:juniper:srx110:-:::::::*
	cpe:2.3:h:juniper:srx1400:-:::::::*
	cpe:2.3:h:juniper:srx1500:-:::::::*
	cpe:2.3:h:juniper:srx210:-:::::::*
	cpe:2.3:h:juniper:srx220:-:::::::*
	cpe:2.3:h:juniper:srx240:-:::::::*
	cpe:2.3:h:juniper:srx240h2:-:::::::*
	cpe:2.3:h:juniper:srx240m:-:::::::*
	cpe:2.3:h:juniper:srx300:-:::::::*
	cpe:2.3:h:juniper:srx320:-:::::::*
	cpe:2.3:h:juniper:srx340:-:::::::*
	cpe:2.3:h:juniper:srx3400:-:::::::*
	cpe:2.3:h:juniper:srx345:-:::::::*
	cpe:2.3:h:juniper:srx3600:-:::::::*
	cpe:2.3:h:juniper:srx380:-:::::::*
	cpe:2.3:h:juniper:srx4000:-:::::::*
	cpe:2.3:h:juniper:srx4100:-:::::::*
	cpe:2.3:h:juniper:srx4200:-:::::::*
	cpe:2.3:h:juniper:srx4600:-:::::::*
	cpe:2.3:h:juniper:srx5000:-:::::::*
	cpe:2.3:h:juniper:srx5400:-:::::::*
	cpe:2.3:h:juniper:srx550:-:::::::*
	cpe:2.3:h:juniper:srx550_hm:-:::::::*
	cpe:2.3:h:juniper:srx550m:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*
	cpe:2.3:h:juniper:srx650:-:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
bind-32:9.11.4-26.P2.el7_9.13	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:0402	2023-01-24T00:00:00Z
Red Hat Enterprise Linux 8
bind9.16-32:9.16.23-0.9.el8.1	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:7643	2022-11-08T00:00:00Z
bind-32:9.11.36-5.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:7790	2022-11-08T00:00:00Z
bind-32:9.11.36-5.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2022:7790	2022-11-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
bind-32:9.11.36-3.el8_6.7	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:2720	2024-05-07T00:00:00Z
dhcp-12:4.3.6-47.el8_6.2	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:2720	2024-05-07T00:00:00Z
Red Hat Enterprise Linux 9
bind-32:9.16.23-5.el9_1	cpe:/a:redhat:enterprise_linux:9	RHSA-2022:8068	2022-11-15T00:00:00Z
dhcp-12:4.4.2-17.b1.el9	cpe:/o:redhat:enterprise_linux:9	RHSA-2022:8385	2022-11-15T00:00:00Z

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
https://kb.isc.org/docs/CVE-2021-25220
https://kb.isc.org/v1/docs/cve-2021-25220
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/
https://nvd.nist.gov/vuln/detail/CVE-2021-25220
https://security.gentoo.org/glsa/202210-25
https://security.netapp.com/advisory/ntap-20220408-0001/
https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US
https://www.cve.org/CVERecord?id=CVE-2021-25220

History

No history.

MITRE

Status: PUBLISHED

Assigner: isc

Published: 2022-03-23T12:50:10.367480Z

Updated: 2024-09-16T17:08:54.143Z

Reserved: 2021-01-15T00:00:00

Link: CVE-2021-25220

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-03-23T13:15:07.680

Modified: 2023-11-09T14:44:33.733

Link: CVE-2021-25220

Redhat

Severity : Moderate

Publid Date: 2022-03-16T00:00:00Z

Links: CVE-2021-25220 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object