{"containers": {"cna": {"affected": [{"product": "BIG-IP (DNS)", "vendor": "F5 Networks, Inc.", "versions": [{"status": "affected", "version": "13.1.0-13.1.0.7"}, {"status": "affected", "version": "12.1.3-12.1.3.5"}]}], "datePublic": "2018-07-24T00:00:00", "descriptions": [{"lang": "en", "value": "On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable \"dnsexpress.notifyport\" is set to any value other than the default of \"0\"."}], "problemTypes": [{"descriptions": [{"description": "DoS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-25T13:57:01", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K45435121"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "DATE_PUBLIC": "2018-07-24T00:00:00", "ID": "CVE-2018-5538", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP (DNS)", "version": {"version_data": [{"version_value": "13.1.0-13.1.0.7"}, {"version_value": "12.1.3-12.1.3.5"}]}}]}, "vendor_name": "F5 Networks, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable \"dnsexpress.notifyport\" is set to any value other than the default of \"0\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DoS"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K45435121", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K45435121"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:40:50.671Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K45435121"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2018-5538", "datePublished": "2018-07-25T14:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-17T03:38:36.291Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7100AD4-3AA9-40DA-BE92-219166DB207D", "versionEndIncluding": "12.1.3.5", "versionStartIncluding": "12.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "B33C750F-0ED9-4D93-A2B3-D10B23383D63", "versionEndIncluding": "13.1.0.7", "versionStartExcluding": "13.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "57969CDF-B60C-4208-9269-E3E84EC59837", "versionEndIncluding": "12.1.3.5", "versionStartIncluding": "12.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DAC2749-3880-4587-BCC2-16E1018AFF84", "versionEndIncluding": "13.1.0.7", "versionStartIncluding": "13.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A488F2F-C459-4ECF-B382-8209793E6EF8", "versionEndIncluding": "12.1.3.5", "versionStartIncluding": "12.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D14FAFD8-6A8B-45DC-A1A4-054314B4A317", "versionEndIncluding": "13.1.0.7", "versionStartIncluding": "13.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "A983F846-99FD-4F43-829D-4772D6D2D7D7", "versionEndIncluding": "12.1.3.5", "versionStartIncluding": "12.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "3746A469-4B03-45EA-860D-F28DC08C02AE", "versionEndIncluding": "13.1.0.7", "versionStartIncluding": "13.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable \"dnsexpress.notifyport\" is set to any value other than the default of \"0\"."}, {"lang": "es", "value": "En F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones aceptan mensajes NOTIFY en la interfaz de gesti\u00f3n desde las direcciones IP de origen que no est\u00e1n listadas en el par\u00e1metro de configuraci\u00f3n \"Allow NOTIFY From\" cuando la variable db \"dnsexpress.notifyport\" se asigna con un valor diferente al \"0\" por defecto."}], "id": "CVE-2018-5538", "lastModified": "2024-11-21T04:09:01.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-25T14:29:00.383", "references": [{"source": "f5sirt@f5.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.f5.com/csp/article/K45435121"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.f5.com/csp/article/K45435121"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}