PT-2015-7510 · Securifi · Securifi Almond+1

Publicado

2015-09-21

Atualizado

2015-09-30

CVE-2015-7296

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Securifi Almond devices with firmware prior to AL1-R201EXP10-L304-W34 Securifi Almond-2015 devices with firmware prior to AL2-R088M

Description The issue concerns the use of a linear algorithm for selecting the ID value in the header of a DNS query. This makes it easier for remote attackers to spoof responses by including this ID value. For example, an attacker could include the address of the firmware update server in a spoofed response.

Recommendations For Securifi Almond devices with firmware prior to AL1-R201EXP10-L304-W34, update the firmware to AL1-R201EXP10-L304-W34 or later. For Securifi Almond-2015 devices with firmware prior to AL2-R088M, update the firmware to AL2-R088M or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2015-7296

Produtos afetados

Securifi Almond

Securifi Almond-2015

PT-2015-7510 · Securifi · Securifi Almond+1

CVE-2015-7296

Identificadores relacionados

Produtos afetados

Referências · 2