CVSS3: 8.6 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.968 High
Percentile: 99.6%

Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
BIG-IP/BIG-IQ/Enterprise Manager
To mitigate this vulnerability, you must disable the use of recursion in the BIND configuration. To determine if recursion has been manually enabled, and mitigate the vulnerability by disabling recursion, perform the following procedures.
Determining if recursion has been manually enabled on the system
Impact of action: Performing the following procedure should not have a negative impact on your system.
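To check the recursion setting, run the following command:
grep recursion /var/named/config/named.conf
If the command returns the following response, recursion has been enabled.
recursion yes;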
If the command returns the following response, recursion has not been enabled, and the system is not vulnerable.
recursion no;
Mitigating the vulnerability
To mitigate this vulnerability, you can disable recursion in the named.conf file. To do so, perform the following procedure:
Impact of action: This modification requires changing your configuration. F5 recommends that you test the modified configuration in an appropriate environment before implementing it.
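Change to the /var/named/config directory:
cd /var/named/config
Create a backup copy of the named.conf file:
cp named.conf named.conf.SOL62012529
Edit the named.conf file and locate the recursion option. For example:
recursion yes;
Change the value to no. For example:
recursion no;
Save the file, then restart the named service:
bigstart restart named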
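The check and the edit above can be scripted so that commented-out lines and allow-recursion statements, which a plain grep for "recursion" also prints, are not mistaken for the active setting. The following is an added example, not F5's code: the function names and the sample file are constructed for illustration, and it handles only # and // comments.

```shell
#!/bin/bash
# Added example (not F5's code): stricter version of the advisory's
# "grep recursion" check, plus the backup-and-edit step.

# Print "yes", "no" or "unset" for the active recursion directive(s).
# '#' and '//' comments are stripped first; /* ... */ blocks are not handled.
recursion_state() {
    local active
    active=$(sed -E -e 's://.*$::' -e 's:#.*$::' "$1" |
        grep -Eo '(^|[[:space:]{;])recursion[[:space:]]+(yes|no)[[:space:]]*;' || true)
    if printf '%s\n' "$active" | grep -Eq 'recursion[[:space:]]+yes'; then
        echo yes            # any active "recursion yes;" counts as enabled
    elif [ -n "$active" ]; then
        echo no
    else
        echo unset          # no explicit directive in the file
    fi
}

# Back up FILE as FILE.SOL62012529 (the advisory's backup name) and rewrite
# every active "recursion yes;" to "recursion no;". Returns 0 without
# touching the file when no active "recursion yes;" is present.
disable_recursion() {
    local conf="$1" backup="$1.SOL62012529"
    [ "$(recursion_state "$conf")" = yes ] || return 0
    cp -p "$conf" "$backup" || return 1
    # Read from the backup, write in place; skip lines that start as comments.
    sed -E '/^[[:space:]]*(#|\/\/)/! s/(^|[[:space:]{;])recursion[[:space:]]+yes[[:space:]]*;/\1recursion no;/g' \
        "$backup" > "$conf" || return 1
    [ "$(recursion_state "$conf")" = no ]
}

# Constructed named.conf fragment for trying the functions offline.
make_sample() {
    cat > "$1" <<'EOF'
options {
    directory "/var/named";
    # recursion no;   (commented out, but plain grep still prints it)
    allow-recursion { localhost; };
    recursion   yes;
};
EOF
}

# Usage: script /var/named/config/named.conf, then "bigstart restart named".
[ $# -eq 0 ] || disable_recursion "$1"
```

The script does not restart the service; the named restart from the procedure above is still required for the change to take effect.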
Supplemental Information