CVE-2024-52615
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Nov 21, 2024
CWE ID 330
Summary
CVE-2024-52616 is a newly discovered vulnerability affecting the Avahi-daemon. This issue arises due to the daemon's predictable initialization of DNS transaction IDs. At startup, these IDs are randomly assigned only once, with subsequent IDs being incremented sequentially. This behavior facilitates DNS spoofing attacks, as attackers can guess transaction IDs based on previously observed values, thereby manipulating DNS queries and responses.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share