vulnerability

F5 Networks: CVE-2018-5538: K45435121: DNS Express vulnerability CVE-2018-5538

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 24, 2018	Jul 25, 2018	Aug 23, 2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 24, 2018

Added

Jul 25, 2018

Modified

Aug 23, 2024

Description

On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".

Solution

f5-big-ip-upgrade-latest

References

CVE-2018-5538
https://attackerkb.com/topics/CVE-2018-5538
URL-https://my.f5.com/manage/s/article/K45435121

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today