PT-2020-15012 · Fnet · Fnet
Published: 2020-12-11 · Updated: 2023-10-12
CVE-2020-17470
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
FNET versions through 4.6.4
Description
An issue was discovered in the code that initializes the DNS client interface structure: it does not set sufficiently random transaction IDs, always setting them to 1 in _fnet_dns_poll in fnet_dns.c. This significantly simplifies DNS cache poisoning attacks.
Recommendations
For versions through 4.6.4, as a temporary workaround, consider implementing additional measures to prevent DNS cache poisoning attacks, such as restricting access to the DNS client interface or using external DNS security solutions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
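The client-side behaviour whose absence the description identifies, as an added example that is not FNET source or a vendor patch: a fresh transaction ID is drawn for every query, and a reply is accepted only if it echoes that ID and the question that was asked. The function names (dns_new_txid, dns_reply_matches), the use of /dev/urandom and the sample packet are assumptions made for illustration.

```c
/* Added example, not FNET source; all function and variable names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: POSIX host with /dev/urandom. On an embedded target, read the
 * hardware RNG or a properly seeded CSPRNG instead. */
int dns_new_txid(uint16_t *id)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(id, sizeof *id, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;  /* fail closed: never fall back to a constant ID */
}

/* Accept a reply only if it is a response (QR=1), carries the ID we sent, has
 * QDCOUNT == 1 and echoes our question (QNAME+QTYPE+QCLASS) byte for byte. */
int dns_reply_matches(const uint8_t *reply, size_t reply_len, uint16_t sent_id,
                      const uint8_t *question, size_t question_len)
{
    if (reply_len < 12 + question_len) return 0;      /* 12-byte DNS header */
    uint16_t id = (uint16_t)((reply[0] << 8) | reply[1]);
    if (id != sent_id) return 0;
    if ((reply[2] & 0x80) == 0) return 0;             /* QR bit must be set */
    if (reply[4] != 0 || reply[5] != 1) return 0;     /* QDCOUNT must be 1 */
    return memcmp(reply + 12, question, question_len) == 0;
}

/* Constructed sample data: question "a.example A IN" and a reply with ID 0x5A3C. */
static const uint8_t SAMPLE_Q[] = {1,'a',7,'e','x','a','m','p','l','e',0, 0,1, 0,1};
static const uint8_t SAMPLE_REPLY[] = {
    0x5A,0x3C, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,          /* header */
    1,'a',7,'e','x','a','m','p','l','e',0, 0,1, 0,1,    /* echoed question */
    0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };    /* one A record */

int main(void)
{
    uint16_t id;
    if (dns_new_txid(&id) != 0) return 1;
    printf("fresh transaction ID: 0x%04x\n", id);
    printf("reply vs. sent ID 0x5A3C: %d\n", dns_reply_matches(
        SAMPLE_REPLY, sizeof SAMPLE_REPLY, 0x5A3C, SAMPLE_Q, sizeof SAMPLE_Q));
    printf("reply vs. sent ID 0x0001: %d\n", dns_reply_matches(
        SAMPLE_REPLY, sizeof SAMPLE_REPLY, 0x0001, SAMPLE_Q, sizeof SAMPLE_Q));
    return 0;
}
```

A 16-bit ID gives limited entropy on its own, so clients normally also randomize the UDP source port and check that the reply comes from the server address and port the query was sent to.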
Use of Insufficiently Random Values
Weakness Enumeration
Related Identifiers
Affected Products
Fnet