Unauthenticated DNS Response Acceptance Vulnerability

Unauthenticated DNS Response Acceptance Vulnerability

CVE-2018-16598 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request.

Learn more about our Cis Benchmark Audit For Amazon Web Services.