Reliance on Reverse DNS Resolution for a Security-Critical Action in IBM Observability with Instana

#VU86779 Reliance on Reverse DNS Resolution for a Security-Critical Action in IBM Observability with Instana

Published: 2024-02-26

Vulnerability identifier: #VU86779

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-37404

CWE-ID: CWE-350

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM Observability with Instana
Server applications / Other server solutions

Vendor:

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to reliance on reverse DNS resolution for a security-critical action. A remote unauthenticated attacker can execute arbitrary code on the host after a successful DNS poisoning attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://www.ibm.com/support/pages/node/7041863
http://exchange.xforce.ibmcloud.com/vulnerabilities/259789

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Reliance on reverse DNS resolution for a security-critical action in IBM Instana Observability