VDB

CISCO-SA-DNSMASQ-DNS-2021-C5MRDF3G

CISCO-SA-DNSMASQ-DNS-2021-C5MRDF3G PUBLISHED CVSS 5.900000095367432 MEDIUM

A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq. Exploitation of these vulnerabilities could result in remote code execution or denial of service (DoS), or may allow an attacker to more easily forge DNS answers that can poison DNS caches, depending on the specific vulnerability. Multiple Cisco products are affected by these vulnerabilities. Cisco will release software updates that address these vulnerabilities. Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products ["#vp"] section of this advisory. Note: At the time of publication, no Cisco products were found to be affected by the remote code execution and DoS vulnerabilities, which are identified by the following Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25687

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Cisco NX-OS Software
Cisco Identity Services Engine Software
Cisco Session Initiation Protocol (SIP) Software
Cisco TelePresence Video Communication Server (VCS) Expressway

Timeline

  • Jan 19, 2021 CVE Published
  • Aug 30, 2021 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›