cisco-sa-opendns-pulse-dos-dd8l3szq
Vulnerability from csaf_cisco
Published
2024-05-20 16:00
Modified
2024-05-23 16:28
Summary
Cisco OpenDNS Pulsing DNS Denial of Service Attack

Notes

Summary
The Cisco OpenDNS service was susceptible to a DNS pulsing attack due to improper handling if a large volume of queued DNS requests was received. This attack takes advantage of multiple commonly implemented DNS mechanisms. DNS queries are sent at a low rate and amplified into large-sized responses. This concentrates the DNS responses into a short, high-volume burst to overwhelm target systems.
Affected Products
The Cisco OpenDNS service had exposure to this issue.
Workarounds
There are no workarounds that address this issue.
Fixed Software
Cisco has addressed this issue in Cisco OpenDNS, which is cloud based. No user action is required. Customers can determine the current remediation status or software version by using the Help function in the service GUI. Customers who need additional information are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept guidelines are available for the attack described in this advisory. The Cisco PSIRT is not aware of any malicious use of this attack that is described in this advisory.
Source
Cisco would like to thank Xiang Li of Tsinghua University NISL Lab for reporting this issue.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.


To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "summary": "Cisco would like to thank Xiang Li of Tsinghua University NISL Lab for reporting this issue."
      }
    ],
    "category": "csaf_informational_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "The Cisco OpenDNS service was susceptible to a DNS pulsing attack due to improper handling if a large volume of queued DNS requests was received. This attack takes advantage of multiple commonly implemented DNS mechanisms. DNS queries are sent at a low rate and amplified into large-sized responses. This concentrates the DNS responses into a short, high-volume burst to overwhelm target systems.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "The Cisco OpenDNS service had exposure to this issue.",
        "title": "Affected Products"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this issue.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "Cisco has addressed this issue in Cisco OpenDNS, which is cloud based. No user action is required. Customers can determine the current remediation status or software version by using the Help function in the service GUI.\r\n\r\nCustomers who need additional information are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept guidelines are available for the attack described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of this attack that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "Cisco would like to thank Xiang Li of Tsinghua University NISL Lab for reporting this issue.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco OpenDNS Pulsing DNS Denial of Service Attack",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-opendns-pulse-dos-Dd8L3sZq"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      }
    ],
    "title": "Cisco OpenDNS Pulsing DNS Denial of Service Attack",
    "tracking": {
      "current_release_date": "2024-05-23T16:28:32+00:00",
      "generator": {
        "date": "2024-05-23T16:28:34+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-opendns-pulse-dos-Dd8L3sZq",
      "initial_release_date": "2024-05-20T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2024-05-20T15:51:44+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        },
        {
          "date": "2024-05-23T16:28:32+00:00",
          "number": "1.1.0",
          "summary": "Updated to remove references to a vulnerability."
        }
      ],
      "status": "final",
      "version": "1.1.0"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.