CVE-2024-1488

high-risk

Published 2024-02-15

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.0/10 High

LOCAL / LOW complexity

Affected Products (20)

Unbound

Codeready Linux Builder

Codeready Linux Builder Eus

Codeready Linux Builder Eus For Power Little Endian

Codeready Linux Builder For Arm64

Codeready Linux Builder For Arm64 Eus

Codeready Linux Builder For Ibm Z Systems

Codeready Linux Builder For Ibm Z Systems Eus

Enterprise Linux

Enterprise Linux Eus

Enterprise Linux For Arm 64

Affected Vendors

Redhat Fedoraproject

References (21)

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:1750

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:1751

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:1780

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:1801

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:1802

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:1804

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:2587

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:2696

https://access.redhat.com/errata/RHSA-2025:0837

Third Party Advisory https://access.redhat.com/security/cve/CVE-2024-1488

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2264183