Security readout for executives and security teams
Plain-English summary
Avahi can answer certain IPv6 discovery traffic when it should not. An attacker could use exposed devices to amplify UDP traffic, contributing to denial of service, and may receive sensitive service information from the device.
Executive priority
Treat as a high-priority infrastructure hygiene issue for exposed networks. Prioritize internet-adjacent or untrusted-segment systems first, because the business impact is service disruption and information exposure rather than data modification.
Technical view
CVE-2017-6519 affects avahi-daemon in Avahi through 0.6.32 and 0.7. The daemon may respond to IPv6 unicast queries from source addresses that are not on-link, violating expected source validation and enabling UDP/5353 amplification and information leakage.
Likely exposure
Exposure is most likely on Linux or Unix-like systems running avahi-daemon with IPv6 and UDP/5353 reachable from untrusted networks. The bundle’s affected-product metadata is incomplete, so confirm through installed package inventory rather than CPE matching alone.
Exploitation context
The source bundle does not show CISA KEV listing or cited active exploitation. The risk is still material because exploitation is remote, unauthenticated, low-complexity, and can support denial-of-service amplification or unwanted service discovery disclosure.
Researcher notes
The record notes possible overlap with CVE-2015-2809. Public affected metadata is sparse, but the description clearly identifies Avahi through 0.6.32 and 0.7 behavior around IPv6 source validation on UDP/5353.
Mitigation direction
- Inventory systems running avahi-daemon and record package versions.
- Apply vendor Avahi updates where available, including relevant Ubuntu advisories.
- Restrict UDP/5353 from untrusted IPv6 networks where business use allows.
- Disable Avahi on systems that do not require local service discovery.
- Check vendor guidance for platform-specific remediation before rollout.
Validation and detection
- Confirm whether avahi-daemon is installed and running on exposed assets.
- Verify deployed Avahi versions against vendor advisory status.
- Review firewall policy for inbound and outbound UDP/5353 over IPv6.
- Look for unexpected mDNS traffic crossing network boundaries.
- Document compensating controls where patching is delayed.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-346: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCVE-2017-6519 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Critical
- CVSS
- 9.1 (3.1)
- Known Exploited
- No
- Published
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H3.95.2Primary CVE scoreVulnerability scoring details
Base CVSS 3.1 score
9.1CriticalVector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Source materials
- CVE List V5 sourceCVE List V5
- https://github.com/lathiat/avahi/issues/203#issuecomment-449536790CVE reference · x_refsource_MISC
- USN-3876-1CVE reference · vendor-advisory, x_refsource_UBUNTU
- https://bugzilla.redhat.com/show_bug.cgi?id=1426712CVE reference · x_refsource_MISC
- USN-3876-2CVE reference · vendor-advisory, x_refsource_UBUNTU
- https://www.secfu.net/advisoriesCVE reference · x_refsource_MISC
- [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 imageCVE reference · mailing-list, x_refsource_MLIST
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
Origin Validation Error
Origin Validation Error represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
