CVE-2018-5538

First published: Wed Jul 25 2018(Updated: )

On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".

Credit: f5sirt@f5.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/references
• agent/author
• agent/severity
• agent/type
• agent/tags
• agent/event
• agent/description
• agent/last-modified-date
• agent/softwarecombine
• agent/first-publish-date
• collector/mitre-cve
• source/MITRE
• vendor/f5
• canonical/f5 big-ip domain name system
• version/f5 big-ip domain name system/12.1.3
• version/f5 big-ip domain name system/12.1.3.5
• version/f5 big-ip domain name system/13.1.0.7
• canonical/f5 big-ip global traffic manager
• version/f5 big-ip global traffic manager/12.1.3
• version/f5 big-ip global traffic manager/12.1.3.5
• version/f5 big-ip global traffic manager/13.1.0
• version/f5 big-ip global traffic manager/13.1.0.7
• canonical/f5 big-ip local traffic manager
• version/f5 big-ip local traffic manager/12.1.3
• version/f5 big-ip local traffic manager/12.1.3.5
• version/f5 big-ip local traffic manager/13.1.0
• version/f5 big-ip local traffic manager/13.1.0.7
• canonical/f5 big-ip link controller
• version/f5 big-ip link controller/12.1.3
• version/f5 big-ip link controller/12.1.3.5
• version/f5 big-ip link controller/13.1.0
• version/f5 big-ip link controller/13.1.0.7