CVE-2019-6472 - Reachable Assertion vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0

CVSS 6.5 - MEDIUM
Attack vector: ADJACENT_NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Tags: low complexity, isc, CWE-617, nessus

Summary

A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

Vulnerable Configurations

Part         Description  Count
Application  Isc          9

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_20B92374D62A11E9AF73001B217E4EE5.NASL
    description: Internet Systems Consortium, Inc. reports: A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate (CVE-2019-6472) [Medium]. An invalid hostname option can cause the kea-dhcp4 server to terminate (CVE-2019-6473) [Medium]. An oversight when validating incoming client requests can lead to a situation where the Kea server will exit when trying to restart (CVE-2019-6474) [Medium].
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129114
    published: 2019-09-23
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129114
    title: FreeBSD : ISC KEA -- Multiple vulnerabilities (20b92374-d62a-11e9-af73-001b217e4ee5)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-0811A88D77.NASL
    description: Fixes for CVE-2019-6472, CVE-2019-6473 and CVE-2019-6474. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128561
    published: 2019-09-09
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128561
    title: Fedora 30 : kea (2019-0811a88d77)