CPSEC-368: NetCloud OS (NCOS) Vulnerable to DNSpooq (DNSmasq)

2021-01-19 16:35:47

SUMMARY:

Cradlepoint devices running NetCloud OS (NCOS) use dnsmasq for domain resolution, domain caching and DHCP services on the local LAN. DNS is a configurable service within NCOS therefore possible configuration states and potential impacts are listed.

 

---

 

Public Disclosure: https://www.jsof-tech.com/disclosures/dnspooq/

Affected Components: NCOS versions up to 7.21.20

Recommendations:

• Promptly test and upgrade to the latest NCOS version upon release
• Disable (do not enable) DNSSEC until patched
• Authenticate clients to the LAN using 802.1X
• Do not configure firewall to expose DNS services (UDP port 53) on WAN interfaces

 

Default Configuration: DNSSEC disabled

• Cradlepoint Severity: Low/Medium (dependent upon environment)
• Potentially Impacted: Local LAN users, clients, and services
• Potential Attack Path: Local LAN
• Associated CVEs:
  • CVE-2020-25684
  • CVE-2020-25685
  • CVE-2020-25686

 

Modified Configuration: DNSSEC enabled

• Cradlepoint Severity: Medium/High (dependent upon environment)
• Potentially Impacted:
  • Device and sub-services
  • Local LAN users, clients, and services
• Potential Attack Path: Local LAN
• Associated CVEs:
  • CVE-2020-25681
  • CVE-2020-25682
  • CVE-2020-25683
  • CVE-2020-25687

 

Modified Configuration: DNS services exposed on WAN

• Cradlepoint Severity: Critical (dependent upon environment)
• Potentially Impacted: See above
• Potential Attack Paths:
  • WAN interfaces
  • Local LAN
• Associated CVEs: See above