Detections
Analytics

F5 Networks BIG-IP : BIND vulnerability (K97810133)

high Nessus Plugin ID 137378

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.(CVE-2020-8616)

For more information, refer toISC Security Advisory CVE-2020-8616 and the academic paper, NXNSAttack, prepared by the discoverers and reporters of this vulnerability.

Note : These links takeyou to resources outside of AskF5, and it is possible that the documents may be removed without our knowledge.

Impact

This vulnerability has at least two potential effects: the performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.

An attacker could exploit this vulnerability to generate a large number of communications between the BIG-IP system and the victim's authoritative DNS server to cause a distributed denial-of-service (DDoS) attack.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K97810133.

See Also

https://my.f5.com/manage/s/article/K97810133

Plugin Details

Severity: High

ID: 137378

File Name: f5_bigip_SOL97810133.nasl

Version: 1.9

Type: local

Published: 6/12/2020

Updated: 3/7/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2020-8616

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/20/2020

Vulnerability Publication Date: 5/19/2020

Reference Information

CVE: CVE-2020-8616