CVE-2004-0789

3 documents3 sources

Severity

5.0MEDIUM

EPSS

2.0%

top 16.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Axis 2100 Network Camera Axis 2110 Network Camera Axis 2120 Network Camera +10 more

Timeline

PublishedDec 31

Latest updateApr 29

Description

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages13 packages

▶NVDaxis/2460_network_dvr3.12

▶NVDaxis/2100_network_camera12 versions+11

▶NVDaxis/2110_network_camera7 versions+6

▶NVDaxis/2120_network_camera7 versions+6

▶NVDaxis/2420_network_camera8 versions+7

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.posadis.org ↗

🔴Vulnerability Details

GHSA

GHSA-3jm2-9cp5-5xp7: Multiple implementations of the DNS protocol, including (1) Poslib 1↗2022-04-29

▶

CVEList

CVE-2004-0789: Multiple implementations of the DNS protocol, including (1) Poslib 1↗2005-09-01

▶