CVE-2002-2213

CVE-2002-2213 is a medium-severity vulnerability in Infoblox Dns One with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Frequently asked questions

What is CVE-2002-2213?
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
How severe is CVE-2002-2213?
CVE-2002-2213 has a CVSS 2.0 base score of 5.0, rated medium severity.
Is CVE-2002-2213 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (82nd percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2002-2213?
CVE-2002-2213 primarily affects Infoblox Dns One. In total, 32 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2002-2213?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2002-2213 published?
CVE-2002-2213 was published on 2002-12-31 and last updated on 2026-06-16.

References

Affected products (32)