What is the CVSS score of CVE-2024-56089?

CVE-2024-56089 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Dnsserver are affected by CVE-2024-56089?

Technitium DNS servers through version 13.2.2 are vulnerable to cache poisoning attacks that allow attackers to inject fraudulent DNS responses, potentially redirecting users to malicious websites or…

How to fix or mitigate CVE-2024-56089?

Within 24 hours: Audit all Technitium installations to identify affected versions (≤13.2.2) and document DNS dependencies. Within 7 days: Implement network segmentation to restrict DNS queries to trusted internal sources only, disable DNS recursive resolution if not required, and enable DNS query logging for forensic detection. Within 30 days: Monitor vendor releases closely for patches; contact Technitium support for interim guidance and evaluate migration to alternative DNS solutions if patches remain unavailable.

Dnsserver CVE-2024-56089

EUVD-2024-55104 HIGH

Use of Insufficiently Random Values (CWE-330)

2025-12-01 cve@mitre.org

Code Injection Dnsserver

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2024-55104

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

CVE Published

Dec 01, 2025 - 15:15 nvd

HIGH 7.5

DescriptionCVE.org

An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fake responses by reviving the birthday attack.

Analysis

An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fake responses by reviving the birthday attack.

Technical ContextAI

This vulnerability is classified as Use of Insufficiently Random Values (CWE-330).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2024-56089 vulnerability details – vuln.today

Back

Dnsserver CVE-2024-56089

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code