Infoblox NIOS &amp;amp; BloxOne DDI products are not vulnerable to SIGRed

THE GAME HAS CHANGED

Introducing Infoblox Universal DDI Management^TM

Watch the launch to discover the new era of management for critical network services. Watch Now

Infoblox

Support

Trending KB Articles

#12325: Infoblox NIOS & BloxOne® DDI products are ...

Trending KB Articles

Article Options

Subscribe to RSS Feed

Mark as New

Mark as Read

Bookmark

Subscribe

Printer Friendly Page

Report Inappropriate Content

#12325: Infoblox NIOS & BloxOne® DDI products are not vulnerable to SIGRed Windows DNS Vulnerability

samanna
Adviser

Posts: 321

#12325: Infoblox NIOS & BloxOne® DDI products are not vulnerable to SIGRed Windows DNS Vulnerability

samanna ‎07-17-2020 11:17 AM - edited ‎01-14-2021 08:48 AM

#12325: Infoblox NIOS and BloxOne DDI products are not vulnerable  CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server

Published 07/16/2020 | Updated 07/16/2020 10:02 PM

Summary

Infoblox NIOS and BloxOne DDI products are not vulnerable  CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server.

Overview

On July 14, 2020, CVE-2020-1350 was disclosed. | Windows DNS Server Remote Code Execution Vulnerability.

Description

CVE-2020-1350: Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected. A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

Impact

Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.

Affected NIOS Versions

None.

Workaround

https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerabil...

There isn’t an Infoblox mitigation at this time for downstream Windows DNS servers, the workaround is only for Windows servers since NIOS is not Vulnerable. If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350. The following registry modification has been identified as a workaround for this vulnerability.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
DWORD = TcpReceivePacketSize
Value = 0xFF00

 Note: A restart of the DNS Service is required to take effect.

Resolution

Neither NIOS, nor BloxOne DDI is affected. No actions needed on the NIOS side but remediation is listed above for Windows DNS server.

Labels:

KB Article

Permalink

0 Kudos

Back to Blog

Newer Article

Older Article

Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Recommended Discussions

Re: NIOS DDI DHCP migration
Re: Option 121, how to?
Re: RegreSSHion vulnerability (CVE-2024-6387)
Re: Is NIOS affected by these four new ISC BIND CVEs?
Is NIOS affected by these four new ISC BIND CVEs?

PRODUCTS

SOLUTIONS

COMPANY

SUPPORT

© Infoblox. All rights reserved.

Feedback

Terms & Conditions

Legal

Privacy Policy