CVE-2021-31228
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific request). Data is predictable because it is based on the time of day, and has too few bits.
Se ha detectado un problema en HCC embedded InterNiche versión 4.0.1. Esta vulnerabilidad permite al atacante predecir el puerto de origen de una consulta DNS para enviar paquetes de respuesta DNS falsos que serán aceptados como respuestas válidas a las peticiones del cliente DNS (sin olfatear la petición específica). Los datos son predecibles porque son basados en la hora del día y presentan muy pocos bits.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-15 CVE Reserved
- 2021-08-19 CVE Published
- 2024-05-04 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-330: Use of Insufficiently Random Values
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack | Mitigation | |
| https://www.kb.cert.org/vuls/id/608209 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hcc-embedded Search vendor "Hcc-embedded" | Nichestack Search vendor "Hcc-embedded" for product "Nichestack" | < 4.3 Search vendor "Hcc-embedded" for product "Nichestack" and version " < 4.3" | - |
Affected
| ||||||