CVE-2018-5538

On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
f5CNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
f5big-ip_domain_name_system
12.1.3 ≤
𝑥
≤ 12.1.3.5
f5big-ip_domain_name_system
13.1.0 <
𝑥
≤ 13.1.0.7
f5big-ip_global_traffic_manager
12.1.3 ≤
𝑥
≤ 12.1.3.5
f5big-ip_global_traffic_manager
13.1.0 ≤
𝑥
≤ 13.1.0.7
f5big-ip_local_traffic_manager
12.1.3 ≤
𝑥
≤ 12.1.3.5
f5big-ip_local_traffic_manager
13.1.0 ≤
𝑥
≤ 13.1.0.7
f5big-ip_link_controller
12.1.3 ≤
𝑥
≤ 12.1.3.5
f5big-ip_link_controller
13.1.0 ≤
𝑥
≤ 13.1.0.7
𝑥
= Vulnerable software versions
References
https://support.f5.com/csp/article/K45435121
https://support.f5.com/csp/article/K45435121