Network Communication / External Service Interaction (DNS)


Description External service interaction (DNS) is a type of network communication vulnerability. It is reported when an application can be made to perform a DNS lookup for a hostname the attacker supplies, typically because a URL, hostname or Host header taken from the request is passed to a resolver or HTTP client without validation. The Common Weakness Enumeration (CWE) entry that describes this weakness is CWE-918 (Server-Side Request Forgery); CWE-400 is Uncontrolled Resource Consumption and covers a different class of problem. The lookup itself discloses little, but it proves that the application will contact hosts chosen by an attacker, which is the first step towards reaching internal services and exfiltrating data. (OWASP Testing Guide, 2019)

Risk An observed DNS lookup is usually rated low on its own, but it shows that the application accepts an attacker-chosen destination. If the application then opens a connection to that destination, the attacker may be able to reach internal services that are not exposed to the internet, or exfiltrate sensitive data by encoding it in DNS queries or in requests sent to a host they control. The resulting impact is loss of customer data and trust, or disruption of operations. Organizations should identify every place where an application makes outbound requests on behalf of users and ensure those paths have the proper security measures in place.

Solution Applications should never resolve or connect to a hostname taken directly from user input. Validate the destination against an allowlist (whitelist) of permitted schemes, hostnames or IP ranges, rejecting anything that does not match exactly rather than trying to block known-bad values. Check the resolved address as well as the name, so that a permitted name cannot resolve to a loopback, link-local or private address, and restrict outbound network access from application servers to the destinations they legitimately need. A web application firewall (WAF) can add monitoring and detection of this traffic, but it is a defence-in-depth layer, not a fix for the underlying validation flaw.
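The following Python code is an added example, not code from the original page or from any product it describes. It shows the weak pattern (trusting whatever hostname a user-supplied URL carries) beside a hardened allowlist check of the kind the solution above calls for, plus a second check on the address the name resolves to. The allowlist contents, the function names and the destination hostnames are all assumptions made up for the example; the caller is expected to perform the actual DNS lookup and pass the result to resolved_address_is_public.

```python
"""Allowlist validation for a server-side feature that fetches a
user-supplied URL (webhook, link preview, image proxy).
Added example; the hostnames and function names are assumptions."""
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist for the example: the only hosts this service may contact.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"https"}


def vulnerable_target(url: str) -> str:
    """Weak pattern: trusts whatever hostname the URL carries.
    Handing this value to a resolver or HTTP client is exactly what lets a
    scanner observe a DNS lookup for a domain it controls."""
    return urlsplit(url).hostname or ""


def normalize_host(host: str) -> str:
    """Lower-case, strip a trailing dot (FQDN form) and IDNA-encode, so that
    'API.EXAMPLE.COM.' and 'api.example.com' compare equal."""
    host = host.strip().rstrip(".").lower()
    return host.encode("idna").decode("ascii")


def is_allowed_target(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if the scheme and the exact hostname are on the allowlist."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if parts.username or parts.password:
        # "https://api.example.com@evil.example/" parses with hostname
        # evil.example; refuse any URL that carries userinfo at all.
        return False
    host = parts.hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # literal IPs bypass a name-based allowlist; refuse them
    except ValueError:
        pass
    try:
        host = normalize_host(host)
    except UnicodeError:  # invalid IDNA label
        return False
    # Exact match only: "api.example.com.evil.example" must not pass.
    return host in allowed_hosts


def resolved_address_is_public(ip_text: str) -> bool:
    """Second check, applied to the address the allowed name actually resolved
    to (the caller does the lookup). Blocks a permitted name that resolves, or
    is later rebound, to loopback, link-local, private or unspecified space."""
    ip = ipaddress.ip_address(ip_text)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


if __name__ == "__main__":
    for candidate in ("https://api.example.com/v1/items",
                      "https://api.example.com@attacker-controlled.example/",
                      "https://api.example.com.attacker-controlled.example/",
                      "https://127.0.0.1/"):
        print(candidate, "->", "allowed" if is_allowed_target(candidate) else "rejected")
```

The check is deliberately exact-match rather than suffix-based, and it refuses IP literals and userinfo outright because those are the usual ways an allowlist is bypassed. The second function exists because name validation alone does not cover a permitted name that resolves to an internal address.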

Example The following configuration fragment is attributed to CVE-2018-1000848. The weakness arises when a BIND DNS server is configured to allow recursion for any client that can query it, turning it into an open resolver.

options {
  allow-recursion {
