CVE-2018-5538

On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".

Published: Jul 25, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-5538
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.7
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
f5 / big-ip_domain_name_system	13.1.0.x	13.1.0.7.x
f5 / big-ip_domain_name_system	12.1.3	12.1.3.5.x
f5 / big-ip_global_traffic_manager	13.1.0	13.1.0.7.x
f5 / big-ip_global_traffic_manager	12.1.3	12.1.3.5.x
f5 / big-ip_local_traffic_manager	13.1.0	13.1.0.7.x
f5 / big-ip_local_traffic_manager	12.1.3	12.1.3.5.x
f5 / big-ip_link_controller	13.1.0	13.1.0.7.x
f5 / big-ip_link_controller	12.1.3	12.1.3.5.x

https://support.f5.com/csp/article/K45435121

Vulnerability Database

289,599

CVE-2018-5538