CVE-2024-1488
HIGHUnbound < 1.19.1-2.fc40 - Unauthenticated Configuration Manipulation via Localhost Port 8953
Title source: llmDescription
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
References (11)
Core 11
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1750
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1751
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1780
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1801
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1802
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1804
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2587
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2696
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:0837
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-1488
Issue Tracking, Patch issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2264183
Scores
CVSS v3
8.0
EPSS
0.0011
EPSS Percentile
29.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-276
Status
published
Products (50)
fedoraproject/unbound
< 1.19.1-2.fc40
redhat/codeready_linux_builder
9.0
redhat/codeready_linux_builder_eus
9.2
redhat/codeready_linux_builder_eus
9.4
redhat/codeready_linux_builder_eus_for_power_little_endian
9.0_ppc64le
redhat/codeready_linux_builder_eus_for_power_little_endian
9.2_ppc64le
redhat/codeready_linux_builder_for_arm64
9.0_aarch64
redhat/codeready_linux_builder_for_arm64
9.2_aarch64
redhat/codeready_linux_builder_for_arm64_eus
9.4_aarch64
redhat/codeready_linux_builder_for_ibm_z_systems
9.0_s390x
... and 40 more
Published
Feb 15, 2024
Tracked Since
Feb 18, 2026