Details of VAR-201805-0921

ID

VAR-201805-0921

CVE

CVE-2018-5514

TITLE

plural F5 BIG-IP Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-004932

DESCRIPTION

On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. An attacker could exploit the vulnerability to cause a denial of service or potentially expose the data layer. F5 BIG-IP is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions. F5 BIG-IP LTM, etc. The following versions are affected: F5 BIG-IP LTM Version 13.1.0; BIG-IP AAM Version 13.1.0; BIG-IP AFM Version 13.1.0; BIG-IP APM Version 13.1.0; BIG-IP ASM Version 13.1.0 ; BIG-IP Link Controller Version 13.1.0; BIG-IP PEM Version 13.1.0; BIG-IP WebAccelerator Version 13.1.0; BIG-IP WebSafe Version 13.1.0

Trust: 2.52

sources: NVD: CVE-2018-5514 // JVNDB: JVNDB-2018-004932 // CNVD: CNVD-2018-10110 // BID: 104097 // VULHUB: VHN-135545

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-10110

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip link controller	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1.0 to 13.1.0.5	Trust: 0.8
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	13.1.0.6	Trust: 0.3

sources: CNVD: CNVD-2018-10110 // BID: 104097 // JVNDB: JVNDB-2018-004932 // NVD: CVE-2018-5514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5514
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-5514
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-10110
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201805-120
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-135545
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-5514
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-10110
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-135545
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5514
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-10110 // VULHUB: VHN-135545 // JVNDB: JVNDB-2018-004932 // CNNVD: CNNVD-201805-120 // NVD: CVE-2018-5514

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-135545 // JVNDB: JVNDB-2018-004932 // NVD: CVE-2018-5514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-120

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201805-120

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004932

PATCH

title:	K45320419	url:	https://support.f5.com/csp/article/K45320419	Trust: 0.8
title:	Patch for multiple F5 product denial of service vulnerabilities (CNVD-2018-10110)	url:	https://www.cnvd.org.cn/patchInfo/show/129943	Trust: 0.6
title:	Multiple F5 Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79853	Trust: 0.6

sources: CNVD: CNVD-2018-10110 // JVNDB: JVNDB-2018-004932 // CNNVD: CNNVD-201805-120

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5514	Trust: 3.4
db:	BID	id:	104097	Trust: 2.0
db:	SECTRACK	id:	1040804	Trust: 1.1
db:	JVNDB	id:	JVNDB-2018-004932	Trust: 0.8
db:	CNVD	id:	CNVD-2018-10110	Trust: 0.6
db:	NSFOCUS	id:	39617	Trust: 0.6
db:	CNNVD	id:	CNNVD-201805-120	Trust: 0.6
db:	VULHUB	id:	VHN-135545	Trust: 0.1

sources: CNVD: CNVD-2018-10110 // VULHUB: VHN-135545 // BID: 104097 // JVNDB: JVNDB-2018-004932 // CNNVD: CNNVD-201805-120 // NVD: CVE-2018-5514

REFERENCES

url:	https://support.f5.com/csp/article/k45320419	Trust: 2.0
url:	http://www.securityfocus.com/bid/104097	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5514	Trust: 1.4
url:	http://www.securitytracker.com/id/1040804	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5514	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/39617	Trust: 0.6
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: CNVD: CNVD-2018-10110 // VULHUB: VHN-135545 // BID: 104097 // JVNDB: JVNDB-2018-004932 // CNNVD: CNNVD-201805-120 // NVD: CVE-2018-5514

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 104097

SOURCES

db:	CNVD	id:	CNVD-2018-10110
db:	VULHUB	id:	VHN-135545
db:	BID	id:	104097
db:	JVNDB	id:	JVNDB-2018-004932
db:	CNNVD	id:	CNNVD-201805-120
db:	NVD	id:	CVE-2018-5514

LAST UPDATE DATE

2024-11-23T22:00:30.729000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10110	date:	2018-05-23T00:00:00
db:	VULHUB	id:	VHN-135545	date:	2018-06-13T00:00:00
db:	BID	id:	104097	date:	2018-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-004932	date:	2018-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201805-120	date:	2018-05-03T00:00:00
db:	NVD	id:	CVE-2018-5514	date:	2024-11-21T04:08:58.143

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-10110	date:	2018-05-23T00:00:00
db:	VULHUB	id:	VHN-135545	date:	2018-05-02T00:00:00
db:	BID	id:	104097	date:	2018-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-004932	date:	2018-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201805-120	date:	2018-05-03T00:00:00
db:	NVD	id:	CVE-2018-5514	date:	2018-05-02T13:29:00.473