CVE-2024-52616

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 21, 2024
CWE ID 334

Summary

CVE-2024-52616 reveals a vulnerability in the Avahi-daemon, where it initializes DNS transaction IDs randomly only upon startup. Afterward, the IDs are incremented sequentially. This predictable behavior opens the door for DNS spoofing attacks, enabling attackers to guess and manipulate transaction IDs to conduct fraudulent activities. This issue could potentially lead to unauthorized access, data theft, or other malicious actions. Organizations utilizing the Avahi-daemon are advised to apply the necessary patches as soon as available to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share