Vulnerability: Insufficiently Random Transaction IDs in FNET DNS Client Interface

Vulnerability: Insufficiently Random Transaction IDs in FNET DNS Client Interface

CVE-2020-17470 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.

Learn more about our Web Application Penetration Testing UK.