Vulnerabilities > CVE-2018-5532 - Unspecified vulnerability in F5 products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
f5
nessus
NVD
Published: 2018-07-19
Updated: 2019-10-03

Summary

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.

Vulnerable Configurations

Part Description Count
Application
F5
307

Nessus

NASL familyF5 Networks Local Security Checks
NASL idF5_BIGIP_SOL48224824.NASL
descriptionOn F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. (CVE-2018-5532) Impact The BIG-IP system may continue to serve responses from the DNS Cachefor as long as the system receives requests for the cached name, even though the authoritative nameserver removed the name.
last seen2020-03-17
modified2018-11-02
plugin id118670
published2018-11-02
reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/118670
titleF5 Networks BIG-IP : BIG-IP DNS Cache vulnerability (K48224824)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K48224824.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(118670);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

  script_cve_id("CVE-2018-5532");

  script_name(english:"F5 Networks BIG-IP : BIG-IP DNS Cache vulnerability (K48224824)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6
a domain name cached within the DNS Cache of TMM may continue to be
resolved by the cache even after the parent server revokes the record,
if the DNS Cache is receiving a stream of requests for the cached
name. (CVE-2018-5532)

Impact

The BIG-IP system may continue to serve responses from the DNS
Cachefor as long as the system receives requests for the cached name,
even though the authoritative nameserver removed the name."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K48224824"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K48224824."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");

  exit(0);
}


include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "K48224824";
vmatrix = make_array();

# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected"  ] = make_list("13.0.0","12.1.0-12.1.2","11.6.1-11.6.3","11.2.1-11.5.6");
vmatrix["AFM"]["unaffected"] = make_list("13.1.0","13.0.0HF1","12.1.3","11.6.3.2","11.5.7");

# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected"  ] = make_list("13.0.0","12.1.0-12.1.2","11.6.1-11.6.3","11.2.1-11.5.6");
vmatrix["AM"]["unaffected"] = make_list("13.1.0","13.0.0HF1","12.1.3","11.6.3.2","11.5.7");

# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected"  ] = make_list("13.0.0","12.1.0-12.1.2","11.6.1-11.6.3","11.2.1-11.5.6");
vmatrix["APM"]["unaffected"] = make_list("13.1.0","13.0.0HF1","12.1.3","11.6.3.2","11.5.7");

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected"  ] = make_list("13.0.0","12.1.0-12.1.2","11.6.1-11.6.3","11.2.1-11.5.6");
vmatrix["ASM"]["unaffected"] = make_list("13.1.0","13.0.0HF1","12.1.3","11.6.3.2","11.5.7");

# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected"  ] = make_list("13.0.0","12.1.0-12.1.2","11.6.1-11.6.3","11.2.1-11.5.6");
vmatrix["AVR"]["unaffected"] = make_list("13.1.0","13.0.0HF1","12.1.3","11.6.3.2","11.5.7");

# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected"  ] = make_list("13.0.0","12.1.0-12.1.2","11.6.1-11.6.3","11.2.1-11.5.6");
vmatrix["GTM"]["unaffected"] = make_list("13.1.0","13.0.0HF1","12.1.3","11.6.3.2","11.5.7");

# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected"  ] = make_list("13.0.0","12.1.0-12.1.2","11.6.1-11.6.3","11.2.1-11.5.6");
vmatrix["LC"]["unaffected"] = make_list("13.1.0","13.0.0HF1","12.1.3","11.6.3.2","11.5.7");

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected"  ] = make_list("13.0.0","12.1.0-12.1.2","11.6.1-11.6.3","11.2.1-11.5.6");
vmatrix["LTM"]["unaffected"] = make_list("13.1.0","13.0.0HF1","12.1.3","11.6.3.2","11.5.7");

# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected"  ] = make_list("13.0.0","12.1.0-12.1.2","11.6.1-11.6.3","11.2.1-11.5.6");
vmatrix["PEM"]["unaffected"] = make_list("13.1.0","13.0.0HF1","12.1.3","11.6.3.2","11.5.7");

# WAM
vmatrix["WAM"] = make_array();
vmatrix["WAM"]["affected"  ] = make_list("13.0.0","12.1.0-12.1.2","11.6.1-11.6.3","11.2.1-11.5.6");
vmatrix["WAM"]["unaffected"] = make_list("13.1.0","13.0.0HF1","12.1.3","11.6.3.2","11.5.7");


if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}

References