DNS Cache Poisoning Vulnerability in Technitium DNS Server
CVE-2023-28457

7.5HIGH

Key Information:

Vendor: Technitium
Status: Dnsserver
Vendor: CVE Published:; 18 September 2024

What is CVE-2023-28457?

A critical security vulnerability exists in Technitium DNS Server versions up to 11.0.3 that exposes the system to DNS cache poisoning attacks. This flaw allows attackers to inject malicious DNS responses into the cache within a second, potentially leading to redirection of users to compromised sites or interception of sensitive data. The vulnerability highlights significant risks in DNS resolution processes, emphasizing the need for immediate attention and remediation to secure network infrastructures against such exploits.

References

https://technitium.com/dns/

https://gist.github.com/idealeer/89947ca07836fd0f7e976119...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024
Vulnerability Reserved
Mar 15, 2023

CVE-2023-28457 Data

JSON