F5 Networks BIG-IP : DNS Express vulnerability (K45435121)

Medium Nessus Plugin ID 118666

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable 'dnsexpress.notifyport' is set to any value other than the default of '0'. (CVE-2018-5538)

Impact

This vulnerability may allow a malicious actor to cause DNS Express to constantly check for updates. An update only occurs if the zone's serial number has changed.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K45435121.

See Also

https://support.f5.com/csp/#/article/K45435121

Plugin Details

Severity: Medium

ID: 118666

File Name: f5_bigip_SOL45435121.nasl

Version: 1.1

Type: local

Published: 2018/11/02

Modified: 2018/11/02

Dependencies: 76940

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3.0

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version, Settings/ParanoidReport

Patch Publication Date: 2018/07/24

Reference Information

CVE: CVE-2018-5538