References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

https://kb.isc.org/docs/cve-2024-28872

NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST CWE-295

OR
     *cpe:2.3:a:isc:stork:*:*:*:*:*:*:*:* versions from (including) 0.15.0 up to (excluding) 1.15.1

https://kb.isc.org/docs/cve-2024-28872 No Types Assigned

https://kb.isc.org/docs/cve-2024-28872 Vendor Advisory

The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management t

Internet Systems Consortium (ISC) AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H

Internet Systems Consortium (ISC) https://kb.isc.org/docs/cve-2024-28872 [No types assigned]