Fnet
CVE-2020-17470
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.
AnalysisAI
An issue was discovered in FNET through 4.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-330. An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks. Affected products include: Butok Fnet. Version information: through 4.6.4..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in FNET through 4.6.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploi
An issue was discovered in FNET through 4.6.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploi
An issue was discovered in FNET through 4.6.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl
An issue was discovered in FNET through 4.6.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl
Same weakness CWE-330 – Use of Insufficiently Random Values
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today