CVERadar

CVE-2024-1488

Medium Severity
Redhat
SVRS: 30/100
CVSSv3: 7.3/10
EPSS: 0.00079/1

CVE-2024-1488: Unbound is vulnerable due to incorrect default permissions, enabling unauthorized modification of runtime configuration. This vulnerability allows an unprivileged attacker to manipulate a running instance of Unbound by connecting over localhost to port 8953. This can lead to altered forwarders, enabling the attacker to track queries or disrupt resolving. With a CVSS score of 7.3 but a SOCRadar Vulnerability Risk Score (SVRS) of 30, while not critically urgent, this issue should be addressed promptly to prevent potential exploitation. The main risk is that threat actors could potentially track queries forwarded by the local resolver. This CVE is significant because it allows for unauthorized control over DNS resolution, which can have far-reaching security implications. The vulnerability is known to be "In The Wild", increasing the urgency for patching and mitigation.

In The Wild
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
2024-02-15

2025-01-30

SOCRadar AI Insight

Description

CVE-2024-1488 describes a vulnerability in Unbound, a validating, recursive, and caching DNS resolver. Due to incorrect default permissions, any process outside the 'unbound' group can modify the unbound runtime configuration. This allows a local, unprivileged attacker to manipulate a running instance of Unbound if they can connect to port 8953 over localhost. Successful exploitation can lead to alteration of forwarders, tracking of forwarded queries, and potential disruption of the DNS resolving process. Although the CVSS score is 7.3 (High), the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a lower immediate risk compared to critical vulnerabilities with SVRS above 80. However, the 'In The Wild' tag signifies active exploitation, raising the overall urgency.

Key Insights

  1. Local Privilege Escalation: While not a remote code execution vulnerability, CVE-2024-1488 allows an unprivileged attacker on the local system to gain significant control over the Unbound DNS resolver. This is a crucial first step for more sophisticated attacks.
  2. DNS Traffic Interception and Manipulation: The ability to modify forwarders enables an attacker to redirect DNS queries through their controlled servers, allowing them to monitor all DNS traffic forwarded by the vulnerable Unbound instance. This constitutes a significant privacy and security risk.
  3. Service Disruption: The flaw can be exploited to disrupt DNS resolution entirely, potentially leading to denial-of-service conditions for applications and services relying on the affected Unbound instance.
  4. Actively Exploited: The tag "In The Wild" indicates that CVE-2024-1488 is actively exploited by hackers, increasing the urgency of patching and implementing mitigation strategies.

Mitigation Strategies

  1. Apply the Latest Security Patches: The primary mitigation is to update Unbound to the latest version that addresses CVE-2024-1488. Check the Unbound project's website or your distribution's security advisories for updates.
  2. Restrict Access to Port 8953: Implement firewall rules or access control lists (ACLs) to restrict connections to port 8953 (the unbound-control port) to only authorized processes or users. Ensure that only trusted processes can connect to this port.
  3. Review and Harden Unbound Configuration: Examine the Unbound configuration file to ensure it adheres to security best practices. Pay particular attention to permissions, access controls, and any unnecessary features or configurations that could be exploited. Implement a principle of least privilege.
  4. Monitor DNS Traffic: Implement DNS traffic monitoring solutions to detect suspicious DNS queries or unexpected changes in DNS traffic patterns. This can help identify potential exploitation attempts or successful compromises.
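
An added example (not from this page or from the Unbound project) for mitigations 2 and 3: it audits the `remote-control:` clause of an unbound.conf and flags a control channel on port 8953 that accepts connections without a client certificate. Option names and defaults are taken from unbound.conf(5); the sample configurations and the severity labels are constructed for illustration.

```python
import re

# Defaults documented in unbound.conf(5) for the remote-control: clause.
DEFAULTS = {"control-enable": "no", "control-port": "8953", "control-use-cert": "yes"}

def parse_remote_control(conf_text):
    """Return remote-control options; include: files are not followed (simplification)."""
    opts, ifaces, in_rc = dict(DEFAULTS), [], False
    for raw in conf_text.splitlines():
        m = re.match(r"^([a-z0-9-]+):\s*(.*)$", raw.split("#", 1)[0].strip())
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip().strip('"')
        if val == "":                      # clause header, e.g. "server:"
            in_rc = key == "remote-control"
        elif in_rc and key == "control-interface":
            ifaces.append(val)             # option may be repeated
        elif in_rc:
            opts[key] = val
    opts["control-interface"] = ifaces or ["127.0.0.1", "::1"]
    return opts

def audit(conf_text):
    """Return (severity, message) findings for the control channel."""
    o = parse_remote_control(conf_text)
    if o["control-enable"] != "yes":
        return []                          # control channel disabled
    findings = []
    for iface in o["control-interface"]:
        if iface.startswith("/"):          # unix socket: file permissions decide access
            findings.append(("REVIEW", f"{iface}: check socket owner, group and mode"))
        elif o["control-use-cert"] == "no":
            findings.append(("HIGH", f"{iface} port {o['control-port']}: unauthenticated control channel"))
        else:
            findings.append(("REVIEW", f"{iface} port {o['control-port']}: check control-key-file permissions"))
    return findings

# Constructed sample configurations (not taken from any shipped package).
WEAK = """remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-use-cert: "no"   # unauthenticated TCP control
"""
SOCKET = """remote-control:
    control-enable: yes
    control-interface: /run/unbound/control
"""

if __name__ == "__main__":
    print(audit(WEAK), audit(SOCKET))
```

A REVIEW finding still needs a check on the host itself: the permissions on the socket or on the control key file determine which local users can reach the control channel.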

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-1488 | Unbound up to 1.19.1 access control (Nessus ID 213254)
vuldb.com, 2025-01-24
A vulnerability has been found in Unbound and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-1488. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Social Media

No tweets found for this CVE

Affected Software

Configuration 2
Type  Vendor  Product
OS    Redhat  enterprise_linux_for_power_little_endian_eus
OS    Redhat  enterprise_linux_for_arm_64
OS    Redhat  enterprise_linux_server_aus
OS    Redhat  enterprise_linux_server_tus
App   Redhat  codeready_linux_builder_for_arm64_eus
OS    Redhat  enterprise_linux_for_power_little_endian
OS    Redhat  enterprise_linux_for_arm_64_eus
OS    Redhat  enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
OS    Redhat  enterprise_linux_for_ibm_z_systems
App   Redhat  codeready_linux_builder
App   Redhat  codeready_linux_builder_eus
App   Redhat  codeready_linux_builder_for_arm64
OS    Redhat  enterprise_linux_eus
OS    Redhat  enterprise_linux
App   Redhat  codeready_linux_builder_for_ibm_z_systems
App   Redhat  codeready_linux_builder_eus_for_power_little_endian
OS    Redhat  enterprise_linux_for_ibm_z_systems_eus
App   Redhat  codeready_linux_builder_for_ibm_z_systems_eus

References

https://access.redhat.com/security/cve/CVE-2024-1488
https://bugzilla.redhat.com/show_bug.cgi?id=2264183
https://access.redhat.com/errata/RHSA-2024:1750
https://access.redhat.com/errata/RHSA-2024:1751
https://access.redhat.com/errata/RHSA-2024:1780
https://access.redhat.com/errata/RHSA-2024:1801
https://access.redhat.com/errata/RHSA-2024:1802
https://access.redhat.com/errata/RHSA-2024:1804
https://access.redhat.com/errata/RHSA-2024:2587
https://access.redhat.com/errata/RHSA-2024:2696
https://access.redhat.com/errata/RHSA-2025:0837

CWE Details

CWE ID   CWE Name                                             Description
CWE-15   External Control of System or Configuration Setting  One or more system settings or configuration elements can be externally controlled by a user.
CWE-276  Incorrect Default Permissions                        During installation, installed file permissions are set to allow anyone to modify those files.
