CVE-2018-5532
First published: Thu Jul 19 2018(Updated: )
On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Riverbed SteelApp Traffic Manager | >=11.2.1<=11.5.6 | |
| Riverbed SteelApp Traffic Manager | >=11.6.0<=11.6.3.1 | |
| Riverbed SteelApp Traffic Manager | >=12.1.0<=12.1.2 | |
| Riverbed SteelApp Traffic Manager | =13.0.0 | |
| F5 BIG-IP Application Acceleration Manager | >=11.2.1<=11.5.6 | |
| F5 BIG-IP Application Acceleration Manager | >=11.6.0<=11.6.3.1 | |
| F5 BIG-IP Application Acceleration Manager | >=12.1.0<=12.1.2 | |
| F5 BIG-IP Application Acceleration Manager | =13.0.0 | |
| F5 BIG-IP Advanced Firewall Manager | >=11.2.1<=11.5.6 | |
| F5 BIG-IP Advanced Firewall Manager | >=11.6.0<=11.6.3.1 | |
| F5 BIG-IP Advanced Firewall Manager | >=12.1.0<=12.1.2 | |
| F5 BIG-IP Advanced Firewall Manager | =13.0.0 | |
| F5 BIG-IP Analytics | >=11.2.1<=11.5.6 | |
| F5 BIG-IP Analytics | >=11.6.0<=11.6.3.1 | |
| F5 BIG-IP Analytics | >=12.1.0<=12.1.2 | |
| F5 BIG-IP Analytics | =13.0.0 | |
| F5 Access Policy Manager | >=11.2.1<=11.5.6 | |
| F5 Access Policy Manager | >=11.6.0<=11.6.3.1 | |
| F5 Access Policy Manager | >=12.1.0<=12.1.2 | |
| F5 Access Policy Manager | =13.0.0 | |
| F5 Application Security Manager | >=10.1.0<=11.5.6 | |
| F5 Application Security Manager | >=11.6.0<=11.6.3.1 | |
| F5 Application Security Manager | >=12.1.0<=12.1.2 | |
| F5 Application Security Manager | =13.0.0 | |
| F5 BIG-IP | >=11.2.1<=11.5.6 | |
| F5 BIG-IP | >=11.6.0<=11.6.3.1 | |
| F5 BIG-IP | >=12.1.0<=12.1.2 | |
| F5 BIG-IP | =13.0.0 | |
| F5 BIG-IP Edge Gateway | >=11.2.1<=11.5.6 | |
| F5 BIG-IP Edge Gateway | >=11.6.0<=11.6.3.1 | |
| F5 BIG-IP Edge Gateway | >=12.1.0<=12.1.2 | |
| F5 BIG-IP Edge Gateway | =13.0.0 | |
| F5 BIG-IP Fraud Protection Service | >=11.2.1<=11.5.6 | |
| F5 BIG-IP Fraud Protection Service | >=11.6.0<=11.6.3.1 | |
| F5 BIG-IP Fraud Protection Service | >=12.1.0<=12.1.2 | |
| F5 BIG-IP Fraud Protection Service | =13.0.0 | |
| Riverbed SteelApp Traffic Manager | >=11.2.1<=11.5.6 | |
| Riverbed SteelApp Traffic Manager | >=11.6.0<=11.6.3.1 | |
| Riverbed SteelApp Traffic Manager | >=12.1.0<=12.1.2 | |
| Riverbed SteelApp Traffic Manager | =13.0.0 | |
| F5 BIG-IP Link Controller | >=11.2.1<=11.5.6 | |
| F5 BIG-IP Link Controller | >=11.6.0<=11.6.3.1 | |
| F5 BIG-IP Link Controller | >=12.1.0<=12.1.2 | |
| F5 BIG-IP Link Controller | =13.0.0 | |
| F5 BIG-IP Policy Enforcement Manager | >=11.2.1<=11.5.6 | |
| F5 BIG-IP Policy Enforcement Manager | >=11.6.0<=11.6.3.1 | |
| F5 BIG-IP Policy Enforcement Manager | >=12.1.0<=12.1.2 | |
| F5 BIG-IP Policy Enforcement Manager | =13.0.0 | |
| F5 BIG-IP WebAccelerator | >=11.2.1<=11.5.6 | |
| F5 BIG-IP WebAccelerator | >=11.6.0<=11.6.3.1 | |
| F5 BIG-IP WebAccelerator | >=12.1.0<=12.1.2 | |
| F5 BIG-IP WebAccelerator | =13.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-5532?
CVE-2018-5532 has been classified as a high-severity vulnerability that may allow for outdated DNS data to be used after a record has been revoked.
How do I fix CVE-2018-5532?
To mitigate CVE-2018-5532, it is recommended to upgrade to a patched version of F5 BIG-IP software beyond the affected versions listed in the vulnerability report.
Which versions of F5 BIG-IP are affected by CVE-2018-5532?
CVE-2018-5532 affects F5 BIG-IP versions 11.2.1 to 11.5.6, 11.6.0 to 11.6.3.1, 12.1.0 to 12.1.2, and 13.0.0.
Can CVE-2018-5532 lead to data exposure?
Yes, CVE-2018-5532 can lead to data exposure as it allows for the potential use of cached DNS records after they have been revoked.
Is there a workaround for CVE-2018-5532?
While upgrading to a secure version is the best solution, temporary measures may include monitoring DNS requests to identify and handle unauthorized caches.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/riverbed steelapp traffic manager
- version/riverbed steelapp traffic manager/11.2.1
- version/riverbed steelapp traffic manager/11.5.6
- version/riverbed steelapp traffic manager/11.6.0
- version/riverbed steelapp traffic manager/11.6.3.1
- version/riverbed steelapp traffic manager/12.1.0
- version/riverbed steelapp traffic manager/12.1.2
- version/riverbed steelapp traffic manager/13.0.0
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/11.2.1
- version/f5 big-ip application acceleration manager/11.5.6
- version/f5 big-ip application acceleration manager/11.6.0
- version/f5 big-ip application acceleration manager/11.6.3.1
- version/f5 big-ip application acceleration manager/12.1.0
- version/f5 big-ip application acceleration manager/12.1.2
- version/f5 big-ip application acceleration manager/13.0.0
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/11.2.1
- version/f5 big-ip advanced firewall manager/11.5.6
- version/f5 big-ip advanced firewall manager/11.6.0
- version/f5 big-ip advanced firewall manager/11.6.3.1
- version/f5 big-ip advanced firewall manager/12.1.0
- version/f5 big-ip advanced firewall manager/12.1.2
- version/f5 big-ip advanced firewall manager/13.0.0
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/11.2.1
- version/f5 big-ip analytics/11.5.6
- version/f5 big-ip analytics/11.6.0
- version/f5 big-ip analytics/11.6.3.1
- version/f5 big-ip analytics/12.1.0
- version/f5 big-ip analytics/12.1.2
- version/f5 big-ip analytics/13.0.0
- canonical/f5 access policy manager
- version/f5 access policy manager/11.2.1
- version/f5 access policy manager/11.5.6
- version/f5 access policy manager/11.6.0
- version/f5 access policy manager/11.6.3.1
- version/f5 access policy manager/12.1.0
- version/f5 access policy manager/12.1.2
- version/f5 access policy manager/13.0.0
- canonical/f5 application security manager
- version/f5 application security manager/10.1.0
- version/f5 application security manager/11.5.6
- version/f5 application security manager/11.6.0
- version/f5 application security manager/11.6.3.1
- version/f5 application security manager/12.1.0
- version/f5 application security manager/12.1.2
- version/f5 application security manager/13.0.0
- canonical/f5 big-ip
- version/f5 big-ip/11.2.1
- version/f5 big-ip/11.5.6
- version/f5 big-ip/11.6.0
- version/f5 big-ip/11.6.3.1
- version/f5 big-ip/12.1.0
- version/f5 big-ip/12.1.2
- version/f5 big-ip/13.0.0
- canonical/f5 big-ip edge gateway
- version/f5 big-ip edge gateway/11.2.1
- version/f5 big-ip edge gateway/11.5.6
- version/f5 big-ip edge gateway/11.6.0
- version/f5 big-ip edge gateway/11.6.3.1
- version/f5 big-ip edge gateway/12.1.0
- version/f5 big-ip edge gateway/12.1.2
- version/f5 big-ip edge gateway/13.0.0
- canonical/f5 big-ip fraud protection service
- version/f5 big-ip fraud protection service/11.2.1
- version/f5 big-ip fraud protection service/11.5.6
- version/f5 big-ip fraud protection service/11.6.0
- version/f5 big-ip fraud protection service/11.6.3.1
- version/f5 big-ip fraud protection service/12.1.0
- version/f5 big-ip fraud protection service/12.1.2
- version/f5 big-ip fraud protection service/13.0.0
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/11.2.1
- version/f5 big-ip link controller/11.5.6
- version/f5 big-ip link controller/11.6.0
- version/f5 big-ip link controller/11.6.3.1
- version/f5 big-ip link controller/12.1.0
- version/f5 big-ip link controller/12.1.2
- version/f5 big-ip link controller/13.0.0
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/11.2.1
- version/f5 big-ip policy enforcement manager/11.5.6
- version/f5 big-ip policy enforcement manager/11.6.0
- version/f5 big-ip policy enforcement manager/11.6.3.1
- version/f5 big-ip policy enforcement manager/12.1.0
- version/f5 big-ip policy enforcement manager/12.1.2
- version/f5 big-ip policy enforcement manager/13.0.0
- canonical/f5 big-ip webaccelerator
- version/f5 big-ip webaccelerator/11.2.1
- version/f5 big-ip webaccelerator/11.5.6
- version/f5 big-ip webaccelerator/11.6.0
- version/f5 big-ip webaccelerator/11.6.3.1
- version/f5 big-ip webaccelerator/12.1.0
- version/f5 big-ip webaccelerator/12.1.2
- version/f5 big-ip webaccelerator/13.0.0