Home > Vulnerability Database > CVE-2020-14312

Mend.io Vulnerability Database

CVE-2020-14312

Date: February 5, 2021

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

Severity Score

5.9

Related Resources (6)

Url: https://access.redhat.com/security/cve/CVE-2020-14312

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1851342

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-14312

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14312

Url: https://security-tracker.debian.org/tracker/CVE-2020-14312

Url: https://www.mend.io/vulnerability-database/CVE-2020-14312

Severity Score

5.9

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-14312

Date: February 5, 2021

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?