Amplification Attack Vulnerability in Technitium DNS Software
CVE-2023-28456

7.5HIGH

Key Information:

Vendor: Technitium
Status: Dnsserver
Vendor: CVE Published:; 18 September 2024

What is CVE-2023-28456?

A vulnerability found in Technitium DNS Server versions prior to 11.0.2 allows attackers to exploit amplification attacks, potentially yielding up to three times the amplification factor compared to other leading DNS software solutions like BIND. This can result in significant disruption, leading to potential Denial of Service conditions that impact the performance and availability of affected systems.

References

https://technitium.com/dns/

https://gist.github.com/idealeer/89947ca07836fd0f7e976119...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024
Vulnerability Reserved
Mar 15, 2023

CVE-2023-28456 Data

JSON