ID

VAR-201803-1814


CVE

CVE-2018-5502


TITLE

Certificate validation vulnerabilities in multiple F5 BIG-IP products

Trust: 0.8

sources: JVNDB: JVNDB-2018-003486

DESCRIPTION

On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with a maliciously crafted client certificate. This vulnerability affects virtual servers associated with a Client SSL profile that enables client certificate authentication. Client certificate authentication is not enabled by default in the Client SSL profile. There is no control plane exposure. Multiple F5 BIG-IP products contain a certificate validation vulnerability that may result in a service interruption (DoS). F5 BIG-IP LTM and other products are products of the American company F5. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. There are security vulnerabilities in several F5 products, including F5 BIG-IP LTM. The following products and versions are affected: BIG-IP LTM version 13.0.0 through 13.1.0.3; BIG-IP AAM version 13.0.0 through 13.1.0.3; BIG-IP AFM version 13.0.0 through 13.1.0.3; BIG-IP Analytics version 13.0.0 through 13.1.0.3; BIG-IP APM version 13.0.0 through 13.1.0.3; BIG-IP ASM version 13.0.0 through 13.1.0.3; BIG-IP DNS version 13.0.0 through 13.1.0.3; BIG-IP Edge Gateway version 13.0.0 through 13.1.0.3; BIG-IP GTM version 13.0.0 through 13.1.0.3; BIG-IP Link Controller version 13.0.0 through 13.1.0.3; BIG-IP PEM version 13.0.0 through 13.1.0.3; BIG-IP WebAccelerator version 13.0.0 through 13.1.0.3; BIG-IP WebSafe version 13.0.0 through 13.1.0.3.

Trust: 2.25

sources: NVD: CVE-2018-5502 // JVNDB: JVNDB-2018-003486 // CNVD: CNVD-2018-06868 // VULHUB: VHN-135533

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06868

AFFECTED PRODUCTS

vendor:f5model:big-ip websafescope:eqversion:1.0.0

Trust: 1.6

vendor:f5model:big-ip webacceleratorscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:ltversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:ltversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:ltversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:ltversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:ltversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:ltversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:ltversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:ltversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:ltversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:ltversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:13.1.0.4

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip access policy managerscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip advanced firewall managerscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip advanced firewall managerscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip analyticsscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip analyticsscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip application acceleration managerscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip application acceleration managerscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip application security managerscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip application security managerscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip domain name systemscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip domain name systemscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip edge gatewayscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip edge gatewayscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip global traffic managerscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip global traffic managerscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip link controllerscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip link controllerscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip local traffic managerscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip local traffic managerscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip policy enforcement managerscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip policy enforcement managerscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip webacceleratorscope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip webacceleratorscope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip websafescope:eqversion:13.0.0

Trust: 0.8

vendor:f5model:big-ip websafescope:eqversion:13.1.0

Trust: 0.8

vendor:f5model:big-ip pemscope:gteversion:13.0.0,<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip ltmscope:gteversion:13.0.0,<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip aamscope:gteversion:13.0.0,<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip afmscope:gteversion:13.0.0<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip analyticsscope:gteversion:13.0.0,<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip apmscope:gteversion:13.0.0<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip asmscope:gteversion:13.0.0<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip dnsscope:gteversion:13.0.0<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip edge gatewayscope:gteversion:13.0.0,<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip gtmscope:gteversion:13.0.0,<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip link controllerscope:gteversion:13.0.0,<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:gteversion:13.0.0,<=13.1.0.3

Trust: 0.6

vendor:f5model:big-ip websafescope:gteversion:13.0.0,<=13.1.0.3

Trust: 0.6

sources: CNVD: CNVD-2018-06868 // JVNDB: JVNDB-2018-003486 // CNNVD: CNNVD-201803-792 // NVD: CVE-2018-5502

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5502
value: HIGH

Trust: 1.0

NVD: CVE-2018-5502
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-06868
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-792
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135533
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5502
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06868
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135533
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5502
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-06868 // VULHUB: VHN-135533 // JVNDB: JVNDB-2018-003486 // CNNVD: CNNVD-201803-792 // NVD: CVE-2018-5502

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.9

sources: VULHUB: VHN-135533 // JVNDB: JVNDB-2018-003486 // NVD: CVE-2018-5502

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-792

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-792

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003486

PATCH

title:K43121447 url:https://support.f5.com/csp/article/K43121447

Trust: 0.8

title:Patch for F5 BIG-IP Denial of Service Vulnerability (CNVD-2018-06868) url:https://www.cnvd.org.cn/patchInfo/show/124599

Trust: 0.6

title:Multiple F5 Product security vulnerabilities url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79360

Trust: 0.6

sources: CNVD: CNVD-2018-06868 // JVNDB: JVNDB-2018-003486 // CNNVD: CNNVD-201803-792

EXTERNAL IDS

db:NVDid:CVE-2018-5502

Trust: 3.1

db:SECTRACKid:1040561

Trust: 1.7

db:JVNDBid:JVNDB-2018-003486

Trust: 0.8

db:CNVDid:CNVD-2018-06868

Trust: 0.6

db:CNNVDid:CNNVD-201803-792

Trust: 0.6

db:VULHUBid:VHN-135533

Trust: 0.1

sources: CNVD: CNVD-2018-06868 // VULHUB: VHN-135533 // JVNDB: JVNDB-2018-003486 // CNNVD: CNNVD-201803-792 // NVD: CVE-2018-5502

REFERENCES

url:https://support.f5.com/csp/article/k43121447

Trust: 1.7

url:http://www.securitytracker.com/id/1040561

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5502

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5502

Trust: 0.8

url:https://securitytracker.com/id/1040561

Trust: 0.6

sources: CNVD: CNVD-2018-06868 // VULHUB: VHN-135533 // JVNDB: JVNDB-2018-003486 // CNNVD: CNNVD-201803-792 // NVD: CVE-2018-5502

SOURCES

db:CNVDid:CNVD-2018-06868
db:VULHUBid:VHN-135533
db:JVNDBid:JVNDB-2018-003486
db:CNNVDid:CNNVD-201803-792
db:NVDid:CVE-2018-5502

LAST UPDATE DATE

2024-11-23T22:26:26.380000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-06868date:2018-04-02T00:00:00
db:VULHUBid:VHN-135533date:2018-04-20T00:00:00
db:JVNDBid:JVNDB-2018-003486date:2018-05-24T00:00:00
db:CNNVDid:CNNVD-201803-792date:2018-03-23T00:00:00
db:NVDid:CVE-2018-5502date:2024-11-21T04:08:55.943

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-06868date:2018-04-02T00:00:00
db:VULHUBid:VHN-135533date:2018-03-22T00:00:00
db:JVNDBid:JVNDB-2018-003486date:2018-05-24T00:00:00
db:CNNVDid:CNNVD-201803-792date:2018-03-23T00:00:00
db:NVDid:CVE-2018-5502date:2018-03-22T18:29:00.510