PT-2015-7510 · Securifi · Securifi Almond+1

Published

2015-09-21

Updated

2015-09-30

CVE-2015-7296

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Securifi Almond devices with firmware prior to AL1-R201EXP10-L304-W34 Securifi Almond-2015 devices with firmware prior to AL2-R088M

Description The issue concerns the use of a linear algorithm for selecting the ID value in the header of a DNS query. This makes it easier for remote attackers to spoof responses by including this ID value. For example, an attacker could include the address of the firmware update server in a spoofed response.

Recommendations For Securifi Almond devices with firmware prior to AL1-R201EXP10-L304-W34, update the firmware to AL1-R201EXP10-L304-W34 or later. For Securifi Almond-2015 devices with firmware prior to AL2-R088M, update the firmware to AL2-R088M or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-7296

Affected Products

Securifi Almond

Securifi Almond-2015

PT-2015-7510 · Securifi · Securifi Almond+1

CVE-2015-7296

Related Identifiers

Affected Products

References · 2