Vulnerabilities > CVE-2018-5538 - Unspecified vulnerability in F5 products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
f5
nessus

Summary

On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".

Vulnerable Configurations

Part Description Count
Application
F5
59

Nessus

NASL familyF5 Networks Local Security Checks
NASL idF5_BIGIP_SOL45435121.NASL
descriptionOn F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the
last seen2020-06-01
modified2020-06-02
plugin id118666
published2018-11-02
reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/118666
titleF5 Networks BIG-IP : DNS Express vulnerability (K45435121)