CVE-2022-33991
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.
dproxy-nexgen (también se conoce como dproxy nexgen) reenvía y almacena en caché las consultas DNS con el bit CD (también se conoce como comprobación deshabilitada) establecido en 1. Esto conlleva a una deshabilitación de la protección DNSSEC proporcionada por los resolutores ascendentes.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-18 CVE Reserved
- 2022-08-15 CVE Published
- 2024-03-07 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-290: Authentication Bypass by Spoofing
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://sourceforge.net/projects/dproxy | Third Party Advisory | |
| https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2022/08/14/3 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dproxy-nexgen Project Search vendor "Dproxy-nexgen Project" | Dproxy-nexgen Search vendor "Dproxy-nexgen Project" for product "Dproxy-nexgen" | - | - |
Affected
| ||||||