PT-2021-17433 · Unknown · Nucleus Source Code+2
Published
2021-04-22
·
Updated
2022-04-22
·
CVE-2021-27393
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Nucleus NET versions all
Nucleus ReadyStart V3 versions prior to V2013.08
Nucleus Source Code versions including affected DNS modules
Description
A vulnerability has been identified where the DNS client does not properly randomize UDP port numbers of DNS requests. This could allow an attacker to poison the DNS cache or spoof DNS resolving.
Recommendations
For Nucleus NET versions all, consider implementing additional security measures to prevent DNS cache poisoning.
For Nucleus ReadyStart V3 versions prior to V2013.08, update to version V2013.08 or later.
For Nucleus Source Code versions including affected DNS modules, modify the DNS client to properly randomize UDP port numbers of DNS requests.
Fix
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nucleus Net
Nucleus Readystart V3
Nucleus Source Code