PT-2020-13924 · Powerdns+1 · Powerdns Recursor+1

Otto Moerbeek · Published 2020-07-01 · Updated 2024-07-01 · CVE-2020-14196

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PowerDNS Recursor versions prior to 4.3.2
PowerDNS Recursor versions 4.2.2 and earlier
PowerDNS Recursor versions 4.1.16 and earlier

Description

The ACL that restricts access to the internal web server is not properly enforced, allowing unauthorized access. This issue affects PowerDNS Recursor versions up to and including 4.3.1, 4.2.2, and 4.1.16.

Recommendations

For PowerDNS Recursor version 4.3.1, update to version 4.3.2 or later to resolve the issue.
For PowerDNS Recursor version 4.2.2, update to version 4.2.3 or later to resolve the issue.
For PowerDNS Recursor version 4.1.16, update to version 4.1.17 or later to resolve the issue.
As a temporary workaround, consider restricting access to the internal web server until a patch is available.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-14196
DLA-3855-1
MGASA-2020-0286
OPENSUSE-SU-2020:1005-1
OPENSUSE-SU-2020:1055-1
OPENSUSE-SU-2020:1101-1
OPENSUSE-SU-2020:1687-1
OPENSUSE-SU-2020_1005-1
OPENSUSE-SU-2020_1687-1
OPENSUSE-SU-2024:11157-1

Affected Products

Powerdns Recursor
Suse