CVE-2020-25926

Name of the Vulnerable Software and Affected Versions InterNiche NicheStack TCP/IP version 4.0.1

Description The DNS client in InterNiche NicheStack TCP/IP is affected by insufficient entropy in the DNS transaction id, which can lead to DNS cache poisoning. The component dns query type() is involved, and the attack vector is a specific DNS response packet. This issue can be exploited remotely.

Recommendations For InterNiche NicheStack TCP/IP version 4.0.1, consider disabling the dns query type() function until a patch is available to prevent DNS cache poisoning attacks. Restrict access to the DNS client to minimize the risk of exploitation. Avoid using the DNS client with untrusted DNS responses until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.