CVE-2018-5538 Information

Description

On F5 BIG-IP DNS 13.1.0-13.1.0.7 12.1.3-12.1.3.5 DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the ‘Allow NOTIFY From’ configuration parameter when the db variable \dnsexpress.notifyport\ is set to any value other than the default of \0.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

https://support.f5.com/csp/article/K45435121

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

3.7