CVE-2018-5538

EUVD-2018-17307
On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
f5big-ip_domain_name_system
12.1.3 ≤
𝑥
≤ 12.1.3.5
f5big-ip_domain_name_system
13.1.0 <
𝑥
≤ 13.1.0.7
f5big-ip_global_traffic_manager
12.1.3 ≤
𝑥
≤ 12.1.3.5
f5big-ip_global_traffic_manager
13.1.0 ≤
𝑥
≤ 13.1.0.7
f5big-ip_local_traffic_manager
12.1.3 ≤
𝑥
≤ 12.1.3.5
f5big-ip_local_traffic_manager
13.1.0 ≤
𝑥
≤ 13.1.0.7
f5big-ip_link_controller
12.1.3 ≤
𝑥
≤ 12.1.3.5
f5big-ip_link_controller
13.1.0 ≤
𝑥
≤ 13.1.0.7
𝑥
= Vulnerable software versions
References
https://support.f5.com/csp/article/K45435121
https://support.f5.com/csp/article/K45435121