F5 Networks BIG-IP : DNS Express vulnerability (K45435121)

Medium Nessus Plugin ID 118666

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS
Zones accept NOTIFY messages on the management interface from source
IP addresses not listed in the 'Allow NOTIFY From' configuration
parameter when the db variable 'dnsexpress.notifyport' is set to any
value other than the default of '0'. (CVE-2018-5538)

Impact

This vulnerability may allow a malicious actor to cause DNS Express to
constantly check for updates. An update only occurs if the zone's
serial number has changed.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5
Solution K45435121.

See Also

https://support.f5.com/csp/article/K45435121

Plugin Details

Severity: Medium

ID: 118666

File Name: f5_bigip_SOL45435121.nasl

Version: 1.2

Type: local

Published: 2018/11/02

Modified: 2019/01/04

Dependencies: 76940

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3.0

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/h:f5:big-ip

Patch Publication Date: 2018/07/24

Reference Information

CVE: CVE-2018-5538