CVE-2024-52615 - Vulnerability Details

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Openshift

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2024-52615
https://bugzilla.redhat.com/show_bug.cgi?id=2326418
https://nvd.nist.gov/vuln/detail/CVE-2024-52615
https://www.cve.org/CVERecord?id=CVE-2024-52615

History

Thu, 21 Nov 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 21 Nov 2024 20:45:00 +0000

Type	Values Removed	Values Added
Title	avahi: Avahi Wide-Area DNS Uses Constant Source Port	Avahi: avahi wide-area dns uses constant source port
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418

Sat, 16 Nov 2024 02:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
Title		avahi: Avahi Wide-Area DNS Uses Constant Source Port
Weaknesses		CWE-330
References		https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://www.cve.org/CVERecord?id=CVE-2024-52615
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}` threat_severity `Moderate`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-11-21T20:34:00.981Z

Updated: 2024-11-24T21:11:51.283Z

Reserved: 2024-11-15T08:38:03.183Z

Link: CVE-2024-52615

Vulnrichment

Updated: 2024-11-21T21:07:23.260Z

NVD

Status : Received

Published: 2024-11-21T21:15:23.807

Modified: 2024-11-21T21:15:23.807

Link: CVE-2024-52615

Redhat

Severity : Moderate

Publid Date: 2024-11-15T00:00:00Z

Links: CVE-2024-52615 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object