CVE-2019-10648
DEB
Critical


CVSS: 9.8 (Critical)
EPSS: 0.02 (p80)
Published: 2019-01-01
Updated: 2019-01-01
Description

Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.

Tags · CWE: Pre-auth, CWE-862, CAPEC-665
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2019-01-01: Published
2019-01-01: Updated
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)
Exploit indicators
EPSS: 0.022 · p80
Known exploited (KEV): No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-665 · CWE-862
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product  Vendor  Status
robocode  Tracked
Showing first 20 of 22
Source databases: DEB, CVE, UBU