SolarJeans
Nov 23, 2022Cirrus
BIGIP BIND for CVE-2022-38177
Hello Expert, My BIGIP are vulnerable by CVE-2022-38177 and we would like to apply the work around as stated in KB disable-algorithms "." { "ECDSAP256SHA256"; "ECDSAP384SHA384"; ...
- Nov 24, 2022
If you don't have BIG-IP DNS provisioned then BIND should not be provisioned for end-user access.
If it is enabled then you can use the ZoneRunner interface to make the modification to the configuration. https://support.f5.com/csp/article/K6963
I believe DNS Cache/DNS Express don't rely on BIND (they are built into TMM) so should not be vulnerable to this issue.