8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.623 Medium
EPSS
Percentile
97.6%
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. (CVE-2016-1286)
Impact
An attacker may force the system to look up a malicious server that is serving bad RRSIGs and may cause the BIND service to restart.
Note: Typically, a BIND service restart does not cause the affected system to fail over.
BIG-IP
Although BIG-IP software contains the vulnerable code, the BIG-IP system does not use the vulnerable code in a way that exposes the vulnerability in the default configuration. The BIG-IP system must meet both of the following conditions to be considered vulnerable:
For example:
* A virtual server with a DNS profile is configured with the **Use BIND Server on BIG-IP** option (this option is enabled by default for the DNS profile).
* A DNS/GTM pool uses the **Return to DNS** load balancing method, or its**Alternate **and**Fallback **load balancing methods are set to**None,** and all pools associated with the wide IP are unavailable.
BIG-IQ and Enterprise Manager
BIG-IQ and Enterprise Manager systems are not vulnerable in the default standard configurations. This vulnerability can be exposed only when the BIG-IQ or Enterprise Manager system is manually configured to enable recursion explicitly and act as a DNS server to query against a server that is providing malicious responses. F5 recommends that you do not configure the system so that you use the BIG-IQ or Enterprise Manager system as a DNS server.
ARX, FirePass, LineRate, F5 WebSafe, and Traffix SDC
There is no impact. These F5 products are not vulnerable to these vulnerabilities.
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.623 Medium
EPSS
Percentile
97.6%