cbcvebase.
CVE-2017-15093
published 2018-01-23

CVE-2017-15093: When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and…

PriorityP429medium5.3CVSS 3.0
AVNACHPRLUINSUCNIHAN
EPSS
0.84%
53.3th percentile
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.

Affected

5 ranges
VendorProductVersion rangeFixed in
debianpdns-recursor< pdns-recursor 4.0.7-1 (bookworm)pdns-recursor 4.0.7-1 (bookworm)
powerdnspowerdns_recursor
powerdnspowerdns_recursor
powerdnsrecursor3.0 – 3.7.4
powerdnsrecursor4.0.0 – 4.0.6

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
osv5.3MEDIUM
vendor_debian5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.