CVE-2018-5743 (GCVE-0-2018-5743)

Vulnerability from cvelistv5 – Published: 2019-10-09 14:17 – Updated: 2024-09-17 02:26
VLAI?
Title
Limiting simultaneous TCP clients was ineffective
Summary
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.
Severity ?
7.5 (High)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • By exploiting the failure to limit simultaneous TCP connections, an attacker can deliberately exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.
Assigner
isc
References
Impacted products
Vendor Product Version
ISC BIND 9 Affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.
Create a notification for this product.
Date Public ?
2019-04-24 00:00
Credits
ISC would like to thank AT&T for helping us to discover this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:40:51.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2018-5743"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank AT\u0026T for helping us to discover this issue."
        }
      ],
      "datePublic": "2019-04-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "By exploiting the failure to limit simultaneous TCP connections, an attacker can deliberately exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files.  In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:06:10.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/cve-2018-5743"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to a version of BIND containing a fix for the ineffective limits.\n\n+    BIND 9.11.6-P1\n+    BIND 9.12.4-P1\n+    BIND 9.14.1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n +   BIND 9.11.5-S6\n +   BIND 9.11.6-S1"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "Limiting simultaneous TCP clients was ineffective",
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2019-04-24T23:00:00.000Z",
          "ID": "CVE-2018-5743",
          "STATE": "PUBLIC",
          "TITLE": "Limiting simultaneous TCP clients was ineffective"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "BIND 9",
                            "version_value": "BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank AT\u0026T for helping us to discover this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "By exploiting the failure to limit simultaneous TCP connections, an attacker can deliberately exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files.  In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/cve-2018-5743",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/cve-2018-5743"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_20",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
            },
            {
              "name": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to a version of BIND containing a fix for the ineffective limits.\n\n+    BIND 9.11.6-P1\n+    BIND 9.12.4-P1\n+    BIND 9.14.1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n +   BIND 9.11.5-S6\n +   BIND 9.11.6-S1"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2018-5743",
    "datePublished": "2019-10-09T14:17:14.293Z",
    "dateReserved": "2018-01-17T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:26:38.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-5743",
      "date": "2026-05-24",
      "epss": "0.05693",
      "percentile": "0.90508"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"039E73A1-9F90-46A4-BFEE-5E97BAF3FAA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"C23EFF81-0FF4-4B4A-BAC3-85EC62230099\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"B83479FA-82FB-4F71-9B98-E683745DB49E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"D17CC587-3325-4D95-BE63-B948C63B411D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FB6D7D8-2688-48A2-8E3E-341881EF0B4C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"AB5A624E-40A1-4F75-8B9A-FA56510C19EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"66FCB095-3E70-472A-AB9D-60F001F3A539\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"1D91EC11-DD9A-434B-9EB4-14AA0E977D8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"D2833083-97E9-4B3C-8E6B-BCAC1851D148\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8C7C45A-CC14-4092-903C-3001986D2859\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"C6917369-D3C2-42EB-B73B-F86CE2F17401\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"5E4EA2A9-C197-40D4-A6AE-A64D69536F99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"5A3215E6-7223-4AF1-BFD3-BD8AE9B6B572\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"720A06E3-441B-4D51-8FC0-D569DD7FEB10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FF1C75A-F753-40CB-9E26-DA6D31931DDC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"596A35D8-3644-4C45-99AC-4D201F170B83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"CAECED76-81A2-4A0C-8C2E-24C235BB32DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"42D16634-442B-4674-B11E-6748D28764BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"713EB3E7-A657-4F6A-901D-618AF660CBBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EACA0835-51AD-4AC0-8C87-5564F3A821CD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"85EE39BF-86AA-498B-BF51-EDCD7BD01376\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"2D7877E8-E50F-4DC6-867D-C19A8DB533E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"899BE6FE-B23F-4236-8A5E-B41AFF28E533\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"9BD61B6A-4E98-4D2C-92BC-FED15CEE39A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"1A5E9908-C959-48FD-8FAC-C0FE329E6FD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"E697E4FD-1882-4BF8-9B9F-FB7DFD19497B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.1\", \"matchCriteriaId\": \"4612320D-0037-4207-9E6E-42E27FB1ED2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"DA776514-AF68-4292-931E-290310EB0939\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"88B12CA1-E853-4898-8A06-F991BE19A27A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"96AA67E0-3471-4699-87A7-E47DD8E313B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"B439DE9D-6A09-4487-82A4-E75A57717CAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA4F1CFB-0FD9-4AEB-BF25-093115F9D891\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"96E945EE-A623-4775-83B9-4CF81B7EA70F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"DE11CCA1-58BF-462E-A0DE-49F3BC1C5499\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"6114B091-1612-4EA2-81D4-2E5455A345F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"1117B40B-36E7-4205-82B0-52B4862A6D03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12F0D363-0DE8-4E32-9187-D7ACA0868BD8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"92484170-2E91-45F6-9789-B0DF3F5E6260\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"9A751827-1169-408E-BCE6-A129BDDB489D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"36F60067-2623-42F9-8B4F-C24F3268DDB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"717C0443-3E88-4814-8D4A-F0C067176228\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3879431-2E02-4B6C-BB4F-C2FF631A0974\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"0A16FE69-A466-4FA6-BDDA-794C9F2B36FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"75D817B1-EC06-4180-B272-067299818B09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"68E2840B-96F4-4437-91D1-4AFE99E54D6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"09C950E6-BF12-43D4-9125-AD9D90EDD67A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"5FAB378B-D08A-4B50-BD7D-51F9B461FED5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"F367EED9-1F71-4720-BE53-3074FF6049C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"20BF15AA-1183-489E-A24A-FFB5BFD84664\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"83B684D2-5889-41EA-B54A-8E7AF43DA647\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45D0AF1B-9106-4C38-B1A2-87FC189ADBAB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"43581457-5C55-4B31-BEFA-4B59B2744BB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"E72B035F-97C1-41C6-B424-F3929B9D7A99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"E058E775-EAAA-46DF-9F3D-A8D042AAFD88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"9AD3B4BB-7F5C-4565-9345-2D4895630AAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B872A0D5-9B23-40F2-8AAB-253A4F406D18\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.9.0\", \"versionEndIncluding\": \"9.10.8\", \"matchCriteriaId\": \"87B2F81A-950D-4307-B50C-CCB928889484\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.11.0\", \"versionEndIncluding\": \"9.11.6\", \"matchCriteriaId\": \"E3BF4485-A6C6-4443-83E1-2F12DF78A78B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.12.0\", \"versionEndIncluding\": \"9.12.4\", \"matchCriteriaId\": \"9C499955-0D38-4828-B94F-9BFE2719246B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.13.0\", \"versionEndIncluding\": \"9.13.7\", \"matchCriteriaId\": \"EA8EE96D-C27B-4995-BFB2-B4AC55ACAE8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*\", \"matchCriteriaId\": \"40EE014B-0CD8-45F3-BEDB-AE6368A78B04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"58D8814F-07FC-42A8-99EF-CD84AADEDC57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*\", \"matchCriteriaId\": \"1AA16E51-819C-4A1B-B66E-1C60C1782C0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*\", \"matchCriteriaId\": \"91533F9F-C0E5-4E84-8A4C-F744F956BF97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:9.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"377B83CA-65BF-447F-91B4-E03CB893A879\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5F5FEE7-059A-4A9B-BCCD-18F0AA435040\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndIncluding\": \"5.4.0\", \"matchCriteriaId\": \"559900D6-7E43-4D2F-9167-BDB04DD5D0DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.1.0\", \"matchCriteriaId\": \"F37D18F2-8C6A-4557-85DC-2A751595423C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3CE7526-9630-48EF-81FB-44904AF0653F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.2\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"A9A8A5C3-0C38-4F46-8F98-DC3B9C58D660\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"6166E0DB-2BA5-454D-ABBC-9E4916436A44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndIncluding\": \"13.1.1\", \"matchCriteriaId\": \"F42F4AF6-4BCC-497E-A889-0BBCA965CB32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.0\", \"matchCriteriaId\": \"AEC2164D-11D0-4DCD-B814-6AB185C3BADF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA4AE425-1D86-4DB9-8B8F-74C6678BD528\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.\"}, {\"lang\": \"es\", \"value\": \"Por dise\\u00f1o, BIND est\\u00e1 destinado a limitar el n\\u00famero de clientes TCP que pueden ser conectados en un momento dado. El n\\u00famero de conexiones permitidas es un par\\u00e1metro sintonizable que, si no se encuentra configurado, por defecto es un valor conservador para la mayor\\u00eda de los servidores. Desafortunadamente, el c\\u00f3digo que estaba destinado a limitar el n\\u00famero de conexiones simult\\u00e1neas conten\\u00eda un error que podr\\u00eda ser explotado para aumentar el n\\u00famero de conexiones simult\\u00e1neas m\\u00e1s all\\u00e1 de este l\\u00edmite. Versiones afectadas: BIND 9.9.0 hasta 9.10.8-P1, 9.11.0 hasta 9.11.6, 9.12.0 hasta 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versiones 9.9.3-S1 hasta 9.11.5-S3 y 9.11.5-S5. Las versiones 9.13.0 hasta 9.13.7 de la rama de desarrollo 9.13 tambi\\u00e9n est\\u00e1n afectadas. Las versiones anteriores a BIND 9.9.0 no han sido evaluadas para la vulnerabilidad de CVE-2018-5743.\"}]",
      "id": "CVE-2018-5743",
      "lastModified": "2024-11-21T04:09:17.967",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"security-officer@isc.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-10-09T16:15:13.763",
      "references": "[{\"url\": \"https://kb.isc.org/docs/cve-2018-5743\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_20\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"https://kb.isc.org/docs/cve-2018-5743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_20\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security-officer@isc.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-5743\",\"sourceIdentifier\":\"security-officer@isc.org\",\"published\":\"2019-10-09T16:15:13.763\",\"lastModified\":\"2024-11-21T04:09:17.967\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.\"},{\"lang\":\"es\",\"value\":\"Por dise\u00f1o, BIND est\u00e1 destinado a limitar el n\u00famero de clientes TCP que pueden ser conectados en un momento dado. El n\u00famero de conexiones permitidas es un par\u00e1metro sintonizable que, si no se encuentra configurado, por defecto es un valor conservador para la mayor\u00eda de los servidores. Desafortunadamente, el c\u00f3digo que estaba destinado a limitar el n\u00famero de conexiones simult\u00e1neas conten\u00eda un error que podr\u00eda ser explotado para aumentar el n\u00famero de conexiones simult\u00e1neas m\u00e1s all\u00e1 de este l\u00edmite. Versiones afectadas: BIND 9.9.0 hasta 9.10.8-P1, 9.11.0 hasta 9.11.6, 9.12.0 hasta 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versiones 9.9.3-S1 hasta 9.11.5-S3 y 9.11.5-S5. Las versiones 9.13.0 hasta 9.13.7 de la rama de desarrollo 9.13 tambi\u00e9n est\u00e1n afectadas. Las versiones anteriores a BIND 9.9.0 no han sido evaluadas para la vulnerabilidad de CVE-2018-5743.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"security-officer@isc.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"039E73A1-9F90-46A4-BFEE-5E97BAF3FAA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"C23EFF81-0FF4-4B4A-BAC3-85EC62230099\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"B83479FA-82FB-4F71-9B98-E683745DB49E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"D17CC587-3325-4D95-BE63-B948C63B411D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FB6D7D8-2688-48A2-8E3E-341881EF0B4C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"AB5A624E-40A1-4F75-8B9A-FA56510C19EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"66FCB095-3E70-472A-AB9D-60F001F3A539\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"1D91EC11-DD9A-434B-9EB4-14AA0E977D8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"D2833083-97E9-4B3C-8E6B-BCAC1851D148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8C7C45A-CC14-4092-903C-3001986D2859\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"C6917369-D3C2-42EB-B73B-F86CE2F17401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"5E4EA2A9-C197-40D4-A6AE-A64D69536F99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"5A3215E6-7223-4AF1-BFD3-BD8AE9B6B572\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"720A06E3-441B-4D51-8FC0-D569DD7FEB10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FF1C75A-F753-40CB-9E26-DA6D31931DDC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"596A35D8-3644-4C45-99AC-4D201F170B83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"CAECED76-81A2-4A0C-8C2E-24C235BB32DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"42D16634-442B-4674-B11E-6748D28764BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"713EB3E7-A657-4F6A-901D-618AF660CBBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EACA0835-51AD-4AC0-8C87-5564F3A821CD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"85EE39BF-86AA-498B-BF51-EDCD7BD01376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"2D7877E8-E50F-4DC6-867D-C19A8DB533E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"899BE6FE-B23F-4236-8A5E-B41AFF28E533\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"9BD61B6A-4E98-4D2C-92BC-FED15CEE39A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"1A5E9908-C959-48FD-8FAC-C0FE329E6FD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"E697E4FD-1882-4BF8-9B9F-FB7DFD19497B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.1\",\"matchCriteriaId\":\"4612320D-0037-4207-9E6E-42E27FB1ED2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"DA776514-AF68-4292-931E-290310EB0939\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"88B12CA1-E853-4898-8A06-F991BE19A27A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"96AA67E0-3471-4699-87A7-E47DD8E313B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"B439DE9D-6A09-4487-82A4-E75A57717CAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA4F1CFB-0FD9-4AEB-BF25-093115F9D891\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"96E945EE-A623-4775-83B9-4CF81B7EA70F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"DE11CCA1-58BF-462E-A0DE-49F3BC1C5499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"6114B091-1612-4EA2-81D4-2E5455A345F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"1117B40B-36E7-4205-82B0-52B4862A6D03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12F0D363-0DE8-4E32-9187-D7ACA0868BD8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"92484170-2E91-45F6-9789-B0DF3F5E6260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"9A751827-1169-408E-BCE6-A129BDDB489D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"36F60067-2623-42F9-8B4F-C24F3268DDB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"717C0443-3E88-4814-8D4A-F0C067176228\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3879431-2E02-4B6C-BB4F-C2FF631A0974\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"0A16FE69-A466-4FA6-BDDA-794C9F2B36FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"75D817B1-EC06-4180-B272-067299818B09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"68E2840B-96F4-4437-91D1-4AFE99E54D6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"09C950E6-BF12-43D4-9125-AD9D90EDD67A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"5FAB378B-D08A-4B50-BD7D-51F9B461FED5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"F367EED9-1F71-4720-BE53-3074FF6049C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"20BF15AA-1183-489E-A24A-FFB5BFD84664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"83B684D2-5889-41EA-B54A-8E7AF43DA647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45D0AF1B-9106-4C38-B1A2-87FC189ADBAB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"43581457-5C55-4B31-BEFA-4B59B2744BB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"E72B035F-97C1-41C6-B424-F3929B9D7A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"E058E775-EAAA-46DF-9F3D-A8D042AAFD88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"9AD3B4BB-7F5C-4565-9345-2D4895630AAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B872A0D5-9B23-40F2-8AAB-253A4F406D18\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.9.0\",\"versionEndIncluding\":\"9.10.8\",\"matchCriteriaId\":\"87B2F81A-950D-4307-B50C-CCB928889484\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.11.0\",\"versionEndIncluding\":\"9.11.6\",\"matchCriteriaId\":\"E3BF4485-A6C6-4443-83E1-2F12DF78A78B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.12.0\",\"versionEndIncluding\":\"9.12.4\",\"matchCriteriaId\":\"9C499955-0D38-4828-B94F-9BFE2719246B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.13.0\",\"versionEndIncluding\":\"9.13.7\",\"matchCriteriaId\":\"EA8EE96D-C27B-4995-BFB2-B4AC55ACAE8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*\",\"matchCriteriaId\":\"40EE014B-0CD8-45F3-BEDB-AE6368A78B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"58D8814F-07FC-42A8-99EF-CD84AADEDC57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*\",\"matchCriteriaId\":\"1AA16E51-819C-4A1B-B66E-1C60C1782C0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*\",\"matchCriteriaId\":\"91533F9F-C0E5-4E84-8A4C-F744F956BF97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"377B83CA-65BF-447F-91B4-E03CB893A879\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5F5FEE7-059A-4A9B-BCCD-18F0AA435040\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"5.4.0\",\"matchCriteriaId\":\"559900D6-7E43-4D2F-9167-BDB04DD5D0DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.1.0\",\"matchCriteriaId\":\"F37D18F2-8C6A-4557-85DC-2A751595423C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3CE7526-9630-48EF-81FB-44904AF0653F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.2\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"A9A8A5C3-0C38-4F46-8F98-DC3B9C58D660\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"6166E0DB-2BA5-454D-ABBC-9E4916436A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.1\",\"matchCriteriaId\":\"F42F4AF6-4BCC-497E-A889-0BBCA965CB32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.0\",\"matchCriteriaId\":\"AEC2164D-11D0-4DCD-B814-6AB185C3BADF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA4AE425-1D86-4DB9-8B8F-74C6678BD528\"}]}]}],\"references\":[{\"url\":\"https://kb.isc.org/docs/cve-2018-5743\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"security-officer@isc.org\"},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_20\",\"source\":\"security-officer@isc.org\"},{\"url\":\"https://kb.isc.org/docs/cve-2018-5743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.