CVE-2018-5538

On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".

CVSS v3 3.7 LOW
CVSS v2.0 4.3 MEDIUM

3.7^/10

CVSS v3 : LOW

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://support.f5.com/csp/article/K45435121	Mitigation Vendor Advisory
https://support.f5.com/csp/article/K45435121	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::

Configuration 3 (hide)

OR	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::

Configuration 4 (hide)

OR	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::

History

21 Nov 2024, 04:09

Type	Values Removed	Values Added
References	~~() https://support.f5.com/csp/article/K45435121 - Mitigation, Vendor Advisory~~	() https://support.f5.com/csp/article/K45435121 - Mitigation, Vendor Advisory

Information

Published : 2018-07-25 14:29

Updated : 2024-11-21 04:09

NVD link : CVE-2018-5538

Mitre link : CVE-2018-5538

CVE.ORG link : CVE-2018-5538

JSON object : View

Products Affected

f5

big-ip_local_traffic_manager
big-ip_domain_name_system
big-ip_link_controller
big-ip_global_traffic_manager

CWE

NVD-CWE-noinfo

{"id": "CVE-2018-5538", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2018-07-25T14:29:00.383", "references": [{"url": "https://support.f5.com/csp/article/K45435121", "tags": ["Mitigation", "Vendor Advisory"], "source": "f5sirt@f5.com"}, {"url": "https://support.f5.com/csp/article/K45435121", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable \"dnsexpress.notifyport\" is set to any value other than the default of \"0\"."}, {"lang": "es", "value": "En F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones aceptan mensajes NOTIFY en la interfaz de gesti\u00f3n desde las direcciones IP de origen que no est\u00e1n listadas en el par\u00e1metro de configuraci\u00f3n \"Allow NOTIFY From\" cuando la variable db \"dnsexpress.notifyport\" se asigna con un valor diferente al \"0\" por defecto."}], "lastModified": "2024-11-21T04:09:01.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7100AD4-3AA9-40DA-BE92-219166DB207D", "versionEndIncluding": "12.1.3.5", "versionStartIncluding": "12.1.3"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B33C750F-0ED9-4D93-A2B3-D10B23383D63", "versionEndIncluding": "13.1.0.7", "versionStartExcluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57969CDF-B60C-4208-9269-E3E84EC59837", "versionEndIncluding": "12.1.3.5", "versionStartIncluding": "12.1.3"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DAC2749-3880-4587-BCC2-16E1018AFF84", "versionEndIncluding": "13.1.0.7", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A488F2F-C459-4ECF-B382-8209793E6EF8", "versionEndIncluding": "12.1.3.5", "versionStartIncluding": "12.1.3"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D14FAFD8-6A8B-45DC-A1A4-054314B4A317", "versionEndIncluding": "13.1.0.7", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A983F846-99FD-4F43-829D-4772D6D2D7D7", "versionEndIncluding": "12.1.3.5", "versionStartIncluding": "12.1.3"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3746A469-4B03-45EA-860D-F28DC08C02AE", "versionEndIncluding": "13.1.0.7", "versionStartIncluding": "13.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}