CVE-2022-33991

dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sourceforge.net/projects/dproxy/	Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/08/14/3	Exploit Mailing List Third Party Advisory
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner	Third Party Advisory
https://sourceforge.net/projects/dproxy/	Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/08/14/3	Exploit Mailing List Third Party Advisory
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:08

Type	Values Removed	Values Added
References	~~() https://sourceforge.net/projects/dproxy/ - Third Party Advisory~~	() https://sourceforge.net/projects/dproxy/ - Third Party Advisory
References	~~() https://www.openwall.com/lists/oss-security/2022/08/14/3 - Exploit, Mailing List, Third Party Advisory~~	() https://www.openwall.com/lists/oss-security/2022/08/14/3 - Exploit, Mailing List, Third Party Advisory
References	~~() https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner - Third Party Advisory~~	() https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner - Third Party Advisory

Information

Published : 2022-08-15 13:15

Updated : 2024-11-21 07:08

NVD link : CVE-2022-33991

Mitre link : CVE-2022-33991

CVE.ORG link : CVE-2022-33991

JSON object : View

Products Affected

dproxy-nexgen_project

dproxy-nexgen

CWE

CWE-290

Authentication Bypass by Spoofing

{"id": "CVE-2022-33991", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-08-15T13:15:19.047", "references": [{"url": "https://sourceforge.net/projects/dproxy/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.openwall.com/lists/oss-security/2022/08/14/3", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sourceforge.net/projects/dproxy/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openwall.com/lists/oss-security/2022/08/14/3", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers."}, {"lang": "es", "value": "dproxy-nexgen (tambi\u00e9n se conoce como dproxy nexgen) reenv\u00eda y almacena en cach\u00e9 las consultas DNS con el bit CD (tambi\u00e9n se conoce como comprobaci\u00f3n deshabilitada) establecido en 1. Esto conlleva a una deshabilitaci\u00f3n de la protecci\u00f3n DNSSEC proporcionada por los resolutores ascendentes."}], "lastModified": "2024-11-21T07:08:44.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "579888EE-A999-4603-97EF-740C042004B5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}