An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific request). Data is predictable because it is based on the time of day, and has too few bits.
References
Link | Resource |
---|---|
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/ | Mitigation Third Party Advisory |
https://www.kb.cert.org/vuls/id/608209 | Third Party Advisory US Government Resource |
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/ | Mitigation Third Party Advisory |
https://www.kb.cert.org/vuls/id/608209 | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 06:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/ - Mitigation, Third Party Advisory | |
References | () https://www.kb.cert.org/vuls/id/608209 - Third Party Advisory, US Government Resource |
Information
Published : 2021-08-19 11:15
Updated : 2024-11-21 06:05
NVD link : CVE-2021-31228
Mitre link : CVE-2021-31228
CVE.ORG link : CVE-2021-31228
JSON object : View
Products Affected
hcc-embedded
- nichestack
CWE
CWE-330
Use of Insufficiently Random Values