Main Vulnerability Database SB2018041009

SB2018041009 - Security restrictions bypass in F5 BIG-IP DNS

Published: April 10, 2018

Security Bulletin ID SB2018041009

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists due to improper access control. On systems where the hostname is a public domain name that the BIG-IP system owner does not control, a remote attacker can hijack the DNS to cause DNS queries to be redirected to a remote DNS server.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://support.f5.com/csp/article/K32518458