Sign-up

ID

VAR-202006-1508


CVE

CVE-2020-5591


TITLE

XACK DNS Service operation interruption in (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-000036

DESCRIPTION

XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. ・ Abuse the full resolver as a stepping stone for reflection attacks

Trust: 2.16

sources: NVD: CVE-2020-5591 // JVNDB: JVNDB-2020-000036 // CNVD: CNVD-2020-35967

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-35967

AFFECTED PRODUCTS

vendor:xackmodel:dnsscope:lteversion:1.11.4

Trust: 1.0

vendor:xackmodel:dnsscope:lteversion:1.7.18

Trust: 1.0

vendor:xackmodel:dnsscope:lteversion:1.8.23

Trust: 1.0

vendor:xackmodel:dnsscope:gteversion:1.11.0

Trust: 1.0

vendor:xackmodel:dnsscope:gteversion:1.8.0

Trust: 1.0

vendor:xackmodel:dnsscope:gteversion:1.10.0

Trust: 1.0

vendor:xackmodel:dnsscope:lteversion:1.10.8

Trust: 1.0

vendor:xackmodel:dnsscope:eqversion:1.10.0 から 1.10.8

Trust: 0.8

vendor:xackmodel:dnsscope:eqversion:1.11.0 から 1.11.4

Trust: 0.8

vendor:xackmodel:dnsscope:eqversion:1.7.0 から 1.7.18

Trust: 0.8

vendor:xackmodel:dnsscope:eqversion:1.7.0 の全て

Trust: 0.8

vendor:xackmodel:dnsscope:eqversion:1.8.0 から 1.8.23

Trust: 0.8

vendor:xackmodel:dnsscope:gteversion:1.11.0,<=1.11.4

Trust: 0.6

vendor:xackmodel:dnsscope:gteversion:1.10.0,<=1.10.8

Trust: 0.6

vendor:xackmodel:dnsscope:gteversion:1.8.0,<=1.8.23

Trust: 0.6

vendor:xackmodel:dnsscope:gteversion:1.7.0,<=1.7.18

Trust: 0.6

vendor:xackmodel:dnsscope:ltversion:1.7.0

Trust: 0.6

sources: CNVD: CNVD-2020-35967 // JVNDB: JVNDB-2020-000036 // NVD: CVE-2020-5591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5591
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-000036
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-35967
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-562
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-5591
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2020-000036
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-35967
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5591
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA: JVNDB-2020-000036
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-35967 // JVNDB: JVNDB-2020-000036 // CNNVD: CNNVD-202006-562 // NVD: CVE-2020-5591

PROBLEMTYPE DATA

problemtype:CWE-674

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-000036 // NVD: CVE-2020-5591

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-562

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-562

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-000036

PATCH
title:CVE-2020-8616 (NXNSAttack) についてurl:https://xack.co.jp/info/?ID=622
Trust: 0.8
title:Patch for XACK DNS Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/224363
Trust: 0.6
title:XACK DNS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121385
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-35967 // 
            
            
            
            JVNDB: JVNDB-2020-000036 // 
            
            
            
            CNNVD: CNNVD-202006-562

EXTERNAL IDS
db:NVDid:CVE-2020-5591
Trust: 3.0
db:JVNid:JVN40208370
Trust: 2.4
db:JVNDBid:JVNDB-2020-000036
Trust: 1.4
db:CNVDid:CNVD-2020-35967
Trust: 0.6
db:CNNVDid:CNNVD-202006-562
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-35967 // 
            
            
            
            JVNDB: JVNDB-2020-000036 // 
            
            
            
            CNNVD: CNNVD-202006-562 // 
            
            
            
            NVD: CVE-2020-5591

REFERENCES
url:https://xack.co.jp/info/?id=622
Trust: 1.6
url:https://jvn.jp/en/jp/jvn40208370/index.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-5591
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5591
Trust: 0.8
url:https://jprs.jp/tech/security/2020-05-20-bind9-vuln-processing-referrals.html
Trust: 0.8
url:https://jvn.jp/jp/jvn40208370/index.html
Trust: 0.8
url:http://www.nxnsattack.com/
Trust: 0.8
url:https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000036.html
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-35967 // 
            
            
            
            JVNDB: JVNDB-2020-000036 // 
            
            
            
            CNNVD: CNNVD-202006-562 // 
            
            
            
            NVD: CVE-2020-5591

SOURCES
db:CNVDid:CNVD-2020-35967
db:JVNDBid:JVNDB-2020-000036
db:CNNVDid:CNNVD-202006-562
db:NVDid:CVE-2020-5591

LAST UPDATE DATE
2024-11-23T20:36:34.143000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-35967date:2020-07-02T00:00:00
db:JVNDBid:JVNDB-2020-000036date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202006-562date:2020-06-12T00:00:00
db:NVDid:CVE-2020-5591date:2024-11-21T05:34:19.600

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-35967date:2020-07-02T00:00:00
db:JVNDBid:JVNDB-2020-000036date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202006-562date:2020-06-05T00:00:00
db:NVDid:CVE-2020-5591date:2020-06-05T18:15:14.293