Forum Discussion

Icon for Cirrus rank

Cirrus

Nov 23, 2022

BIGIP BIND for CVE-2022-38177

Hello Expert, My BIGIP are vulnerable by CVE-2022-38177 and we would like to apply the work around as stated in KB disable-algorithms "." { "ECDSAP256SHA256"; "ECDSAP384SHA384"; ...

application delivery

JoshBecigneul
Nov 24, 2022
If you don't have BIG-IP DNS provisioned then BIND should not be provisioned for end-user access.

If it is enabled then you can use the ZoneRunner interface to make the modification to the configuration. https://support.f5.com/csp/article/K6963

I believe DNS Cache/DNS Express don't rely on BIND (they are built into TMM) so should not be vulnerable to this issue.

Icon for MVP rank

MVP

If you don't have BIG-IP DNS provisioned then BIND should not be provisioned for end-user access.

If it is enabled then you can use the ZoneRunner interface to make the modification to the configuration. https://support.f5.com/csp/article/K6963

I believe DNS Cache/DNS Express don't rely on BIND (they are built into TMM) so should not be vulnerable to this issue.

Icon for Cirrus rank

Cirrus

Nov 30, 2022

Thanks for great explanation

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming