CVE-2018-5538
Severity Score
3.7
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".
En F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones aceptan mensajes NOTIFY en la interfaz de gestión desde las direcciones IP de origen que no están listadas en el parámetro de configuración "Allow NOTIFY From" cuando la variable db "dnsexpress.notifyport" se asigna con un valor diferente al "0" por defecto.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-12 CVE Reserved
- 2018-07-25 CVE Published
- 2024-05-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.f5.com/csp/article/K45435121 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| F5 Search vendor "F5" | Big-ip Domain Name System Search vendor "F5" for product "Big-ip Domain Name System" | >= 12.1.3 <= 12.1.3.5 Search vendor "F5" for product "Big-ip Domain Name System" and version " >= 12.1.3 <= 12.1.3.5" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Domain Name System Search vendor "F5" for product "Big-ip Domain Name System" | > 13.1.0 <= 13.1.0.7 Search vendor "F5" for product "Big-ip Domain Name System" and version " > 13.1.0 <= 13.1.0.7" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Global Traffic Manager Search vendor "F5" for product "Big-ip Global Traffic Manager" | >= 12.1.3 <= 12.1.3.5 Search vendor "F5" for product "Big-ip Global Traffic Manager" and version " >= 12.1.3 <= 12.1.3.5" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Global Traffic Manager Search vendor "F5" for product "Big-ip Global Traffic Manager" | >= 13.1.0 <= 13.1.0.7 Search vendor "F5" for product "Big-ip Global Traffic Manager" and version " >= 13.1.0 <= 13.1.0.7" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Local Traffic Manager Search vendor "F5" for product "Big-ip Local Traffic Manager" | >= 12.1.3 <= 12.1.3.5 Search vendor "F5" for product "Big-ip Local Traffic Manager" and version " >= 12.1.3 <= 12.1.3.5" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Local Traffic Manager Search vendor "F5" for product "Big-ip Local Traffic Manager" | >= 13.1.0 <= 13.1.0.7 Search vendor "F5" for product "Big-ip Local Traffic Manager" and version " >= 13.1.0 <= 13.1.0.7" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Link Controller Search vendor "F5" for product "Big-ip Link Controller" | >= 12.1.3 <= 12.1.3.5 Search vendor "F5" for product "Big-ip Link Controller" and version " >= 12.1.3 <= 12.1.3.5" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Link Controller Search vendor "F5" for product "Big-ip Link Controller" | >= 13.1.0 <= 13.1.0.7 Search vendor "F5" for product "Big-ip Link Controller" and version " >= 13.1.0 <= 13.1.0.7" | - |
Affected
| ||||||