CVE-2018-5532F5 Big-ip Domain Name System vulnerability

4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 40.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+10 more
Timeline
PublishedJul 19
Latest updateMay 13

Description

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages13 packages

NVDf5/big-ip_domain_name_system11.2.111.5.6+3
NVDf5/big-ip_analytics11.2.111.5.6+3
NVDf5/big-ip_edge_gateway11.2.111.5.6+3
NVDf5/big-ip_webaccelerator11.2.111.5.6+3
NVDf5/big-ip_link_controller11.2.111.5.6+3

🔴Vulnerability Details

2
GHSA
GHSA-3239-92hh-5wpq: On F5 BIG-IP 132022-05-13
CVEList
CVE-2018-5532: On F5 BIG-IP 132018-07-19

📋Vendor Advisories

1
F5
CVE-2018-5532: On F5 BIG-IP 132018-07-19
CVE-2018-5532 — F5 vulnerability | cvebase