Detections
Analytics

F5 Networks BIG-IP : BIND vulnerability (K97810133)

high Nessus Plugin ID 137378

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.2 / 12.1.5.2 / 13.1.3.4 / 14.1.2.6 / 15.0.1.4 / 15.1.0.4 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K97810133 advisory.

 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.(CVE-2020-8616)For more information, refer toISC Security Advisory CVE-2020-8616and theacademic paper, NXNSAttack, prepared by the discoverers and reporters of this vulnerability.Note: These links takeyou to resources outside of AskF5, and it is possible that the documents may be removed without our knowledge.ImpactThis vulnerability has at least two potential effects: the performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.An attacker could exploit this vulnerability to generate a large number of communications between the BIG-IP system and the victim's authoritative DNS server to cause a distributed denial-of-service (DDoS) attack.

Tenable has extracted the preceding description block directly from the F5 Networks BIG-IP security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K97810133.

See Also

https://my.f5.com/manage/s/article/K97810133

Plugin Details

Severity: High

ID: 137378

File Name: f5_bigip_SOL97810133.nasl

Version: 1.10

Type: Local

Published: 6/12/2020

Updated: 4/27/2026

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2020-8616

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/h:f5:big-ip, cpe:/a:f5:big-ip_application_visibility_and_reporting

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/20/2020

Vulnerability Publication Date: 5/19/2020

Reference Information

CVE: CVE-2020-8616