Ericsson Enterprise Wireless

CPSEC-368: NetCloud OS (NCOS) Vulnerable to DNSpooq (DNSmasq)

2021-01-19 16:35:47

SUMMARY:

Cradlepoint devices running NetCloud OS (NCOS) use dnsmasq for domain resolution, domain caching and DHCP services on the local LAN. DNS is a configurable service within NCOS therefore possible configuration states and potential impacts are listed.

 


 

Public Disclosure: https://www.jsof-tech.com/disclosures/dnspooq/

Affected Components: NCOS versions up to 7.21.20

Recommendations:

  • Promptly test and upgrade to the latest NCOS version upon release
  • Disable (do not enable) DNSSEC until patched
  • Authenticate clients to the LAN using 802.1X
  • Do not configure firewall to expose DNS services (UDP port 53) on WAN interfaces

 

Default Configuration: DNSSEC disabled

  • Cradlepoint Severity: Low/Medium (dependent upon environment)
  • Potentially Impacted: Local LAN users, clients, and services
  • Potential Attack Path: Local LAN
  • Associated CVEs:
    • CVE-2020-25684
    • CVE-2020-25685
    • CVE-2020-25686

 

Modified Configuration: DNSSEC enabled

  • Cradlepoint Severity: Medium/High (dependent upon environment)
  • Potentially Impacted:
    • Device and sub-services
    • Local LAN users, clients, and services
  • Potential Attack Path: Local LAN
  • Associated CVEs:
    • CVE-2020-25681
    • CVE-2020-25682
    • CVE-2020-25683
    • CVE-2020-25687

 

Modified Configuration: DNS services exposed on WAN

  • Cradlepoint Severity: Critical (dependent upon environment)
  • Potentially Impacted: See above
  • Potential Attack Paths:
    • WAN interfaces
    • Local LAN
  • Associated CVEs: See above