CVE-2024-52615

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 21, 2024
CWE ID 330

Summary

CVE-2024-52616 is a newly discovered vulnerability affecting the Avahi-daemon. This issue arises due to the daemon's predictable initialization of DNS transaction IDs. At startup, these IDs are randomly assigned only once, with subsequent IDs being incremented sequentially. This behavior facilitates DNS spoofing attacks, as attackers can guess transaction IDs based on previously observed values, thereby manipulating DNS queries and responses.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share