CVE-2018-5538

Published: Jul 25, 2018Modified: Nov 21, 2024

3.7

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".

Affected (8)

Products: F5: Big Ip Domain Name System, Big Ip Global Traffic Manager, Big Ip Local Traffic Manager, Big Ip Link Controller

4 products

Big Ip Domain Name System

Big Ip Global Traffic Manager

Big Ip Local Traffic Manager

Big Ip Link Controller

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Domain Name System	After 13.1.0 to 13.1.0.7
F5 Big Ip Domain Name System	From 12.1.3 to 12.1.3.5

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Global Traffic Manager	From 12.1.3 to 12.1.3.5
F5 Big Ip Global Traffic Manager	From 13.1.0 to 13.1.0.7

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Local Traffic Manager	From 12.1.3 to 12.1.3.5
F5 Big Ip Local Traffic Manager	From 13.1.0 to 13.1.0.7

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Link Controller	From 12.1.3 to 12.1.3.5
F5 Big Ip Link Controller	From 13.1.0 to 13.1.0.7

References (2)

https://support.f5.com/csp/article/K45435121

Source: f5sirt@f5.com

MitigationVendor Advisory

https://support.f5.com/csp/article/K45435121

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.