Software Engineering Institute

Statement Date:   February 08, 2021

Vendor Statement

Check Point Gaia is not vulnerable.

Check Point SMB is vulnerable to CVE-2020-25686, CVE-2020-25684, CVE-2020-25685 on internal (LAN, Wi-Fi) networks. And updated firware is available at https://supportcenter.checkpoint.com/

Statement Date:   January 02, 2021

Vendor Statement

We have not received a statement from the vendor.

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g

Statement Date:   January 19, 2021

Vendor Statement

Cradlepoint devices running NetCloud OS (NCOS) use dnsmasq for domain resolution, domain caching and DHCP services on the local LAN. DNS is a configurable service within NCOS therefore possible configuration states and potential impacts are listed.

Affected Components: NCOS versions up to 7.21.20

Recommendations:
Promptly test and upgrade to the latest NCOS version upon release
Disable (do not enable) DNSSEC until patched
Authenticate clients to the LAN using 802.1X
Do not configure firewall to expose DNS services (UDP port 53) on WAN interfaces

Default Configuration: DNSSEC disabled

Cradlepoint Severity: Low/Medium (dependent upon environment)
Potentially Impacted: Local LAN users, clients and services
Potential attack path: Local LAN
Associated CVEs: CVE-2020-25684, CVE-2020-25685, CVE-2020-25686

Modified Configuration: DNSSEC enabled

Cradlepoint Severity: Medium/High (dependent upon environment)
Potentially Impacted: Device and sub-services; Local LAN users, clients and services
Potential attack path: Local LAN
Associated CVEs: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687

Modified Configuration: DNS services exposed on WAN

Cradlepoint Severity: Critical (dependent upon environment)
Potentially Impacted: See above
Potential attack paths: WAN interfaces; Local LAN
Associated CVEs: See above

References

• https://cradlepoint.com/about-us/trust/

Statement Date:   January 11, 2021

Vendor Statement

We have not received a statement from the vendor.

Statement Date:   July 20, 2021

Vendor Statement

Digi International has patched this in firmware versions 21.2.X.X on all of our DAL based products, which includes: Digi AnywhereUSB Plus 2 Digi AnywhereUSB Plus 8 Digi AnywhereUSB Plus 8 WiFi Digi AnywhereUSB Plus 24 Digi AnywhereUSB Plus 24 WiFi Digi Connect EZ1 (mini) Digi Connect EZ2 Digi Connect EZ4 Digi ConnectIT4 Digi ConnectIT16 Digi ConnectIT48 Digi ConnectIT-Mini Digi EX15 Digi EX15-PR Digi EX15W Digi EX15W-PR Digi EX12 Digi EX12-PR Digi IX10 Digi IX14 Digi IX15 Digi IX20

Digi IX20-PR Digi IX20W Digi IX20W-PR Digi LR54 Digi LR54W Digi TX54-Dual-Cellular Digi TX54-Dual-Cellular-PR Digi TX54-Dual-Wi-Fi Digi TX54-Single-Cellular Digi TX54-Single-Cellular-PR Digi TX64 Digi TX64-PR Digi TX64-Rail-Single-Cellular-PR Digi VirtualDAL Digi VirtualDAL-PR AcceleratedConcepts 6350-SR AcceleratedConcepts 6355-SR AcceleratedConcepts 6330-MX AcceleratedConcepts 6335-MX AcceleratedConcepts 6310-DX AcceleratedConcepts 5400-RM AcceleratedConcepts 5401-RM AcceleratedConcepts 6300-CX

References

• https://ftp1.digi.com/support/firmware/dal/ConnectIT/ConnectIT_21.2.39.67_93001322.pdf

Statement Date:   May 31, 2021

Vendor Statement

Fujitsu is aware of the security vulnerabilities in software dnsmasq, also known as "DNSpooq".

Affected products are Fujitsu INTELLIEDGE, Fujitsu ServerView Services for ISM, Fujitsu SOA SysRollout Service, Fujitsu SOA Profile Management Service, Fujitsu ISM (Core) and Fujitsu FlexFrame Orchestrator (SAP). Updates are pending or already available.

The Fujitsu PSIRT has updated the state for Fujitsu PSIRT-IS-2021-011900 on https://security.ts.fujitsu.com (Security Notices) accordingly.

In case of questions regarding this Fujitsu PSIRT Security Notice, please contact the Fujitsu PSIRT (Fujitsu-PSIRT@ts.fujitsu.com).

Statement Date:   February 04, 2021

Vendor Statement

The Juniper SIRT has investigated the impact of these vulnerabilities on Juniper products. Juniper Networks Junos OS, Space, and Contrail products are unaffected by these vulnerabilities.

Juniper Mist Access Points (APs) ship with Dnsmasq and are only affected by the vulnerabilities via DNS (CVE-2020-25684, CVE-2020-25685, CVE-2020-25686) 4.0/CVSS:3.1.

The Wi-Fi mPIM (Mini-PIM) card for SRX branch devices ship with Dnsmasq enabled by default and is reachable from the network. Only vulnerabilities (CVE-2020-25684, CVE-2020-25685, CVE-2020-25686): 4.0/CVSS:3.1 via DNS affect this card.

Code fixes are underway for Mist and the Mini-PIM card and customers should upgrade when those fixes are available.

Security Incident Response Team Juniper Networks

Statement Date:   June 19, 2023

Vendor Statement

NetBSD does not ship dnsmasq and is not affected.

pkgsrc users, on any platform, who have elected to install net/dnsmasq may be affected, and were informed back in 2020 through the pkg-vulnerabilities database.

Statement Date:   January 14, 2021

Vendor Statement

Netgear has released fixes for multiple Dnsmasq security vulnerabilities on the following product affected models: RAX40 running firmware versions prior to v1.0.3.88 RAX35 running firmware versions prior to v1.0.3.88

NETGEAR strongly recommends that you download the latest firmware as soon as possible.

You and follow the steps mentioned in the security advisory to upgrade it to the latest version. https://kb.netgear.com/000062628/Security-Advisory-for-Multiple-Dnsmasq-Vulnerabilities-on-Some-Routers-PSV-2020-0463

Thanks, Rachit Dogra

References

• https://kb.netgear.com/000062628/Security-Advisory-for-Multiple-Dnsmasq-Vulnerabilities-on-Some-Routers-PSV-2020-0463