Forum Discussion

SolarJeans's avatar
Nov 23, 2022

BIGIP BIND for CVE-2022-38177

Hello Expert, My BIGIP are vulnerable by CVE-2022-38177 and we would like to apply the work around as stated in KB disable-algorithms "." {         "ECDSAP256SHA256";         "ECDSAP384SHA384"; ...
  • JoshBecigneul's avatar
    Nov 24, 2022

    If you don't have BIG-IP DNS provisioned then BIND should not be provisioned for end-user access.

    If it is enabled then you can use the ZoneRunner interface to make the modification to the configuration. https://support.f5.com/csp/article/K6963 

    I believe DNS Cache/DNS Express don't rely on BIND (they are built into TMM) so should not be vulnerable to this issue.