Details of VAR-201805-0924

ID

VAR-201805-0924

CVE

CVE-2018-5517

TITLE

plural F5 BIG-IP Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-004935

DESCRIPTION

On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.1.0; BIG-IP AAM version 13.1.0; BIG-IP AFM version 13.1.0; BIG-IP Analytics version 13.1.0; BIG-IP APM 13.1. 0 version; BIG-IP ASM version 13.1.0; BIG-IP DNS version 13.1.0; BIG-IP Edge Gateway version 13.1.0; BIG-IP GTM version 13.1.0; BIG-IP Link Controller version 13.1.0; BIG-IP PEM version 13.1.0; BIG-IP WebAccelerator version 13.1.0; BIG-IP WebSafe version 13.1.0

Trust: 2.52

sources: NVD: CVE-2018-5517 // JVNDB: JVNDB-2018-004935 // CNVD: CNVD-2018-10109 // BID: 104362 // VULHUB: VHN-135548

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-10109

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip link controller	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1.0.5	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	13.1.0.6	Trust: 0.3

sources: CNVD: CNVD-2018-10109 // BID: 104362 // JVNDB: JVNDB-2018-004935 // NVD: CVE-2018-5517

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5517
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-5517
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-10109
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201805-117
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-135548
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-5517
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-10109
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-135548
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5517
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-10109 // VULHUB: VHN-135548 // JVNDB: JVNDB-2018-004935 // CNNVD: CNNVD-201805-117 // NVD: CVE-2018-5517

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-135548 // JVNDB: JVNDB-2018-004935 // NVD: CVE-2018-5517

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-117

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201805-117

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004935

PATCH

title:	K25573437	url:	https://support.f5.com/csp/article/K25573437	Trust: 0.8
title:	Patch for multiple F5 product denial of service vulnerabilities (CNVD-2018-10109)	url:	https://www.cnvd.org.cn/patchInfo/show/129939	Trust: 0.6
title:	Multiple F5 Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79850	Trust: 0.6

sources: CNVD: CNVD-2018-10109 // JVNDB: JVNDB-2018-004935 // CNNVD: CNNVD-201805-117

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5517	Trust: 3.4
db:	SECTRACK	id:	1040805	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-004935	Trust: 0.8
db:	CNVD	id:	CNVD-2018-10109	Trust: 0.6
db:	NSFOCUS	id:	39615	Trust: 0.6
db:	CNNVD	id:	CNNVD-201805-117	Trust: 0.6
db:	BID	id:	104362	Trust: 0.4
db:	VULHUB	id:	VHN-135548	Trust: 0.1

sources: CNVD: CNVD-2018-10109 // VULHUB: VHN-135548 // BID: 104362 // JVNDB: JVNDB-2018-004935 // CNNVD: CNNVD-201805-117 // NVD: CVE-2018-5517

REFERENCES

url:	https://support.f5.com/csp/article/k25573437	Trust: 2.0
url:	http://www.securitytracker.com/id/1040805	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5517	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5517	Trust: 0.8
url:	https://securitytracker.com/id/1040805	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/39615	Trust: 0.6
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: CNVD: CNVD-2018-10109 // VULHUB: VHN-135548 // BID: 104362 // JVNDB: JVNDB-2018-004935 // CNNVD: CNNVD-201805-117 // NVD: CVE-2018-5517

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 104362

SOURCES

db:	CNVD	id:	CNVD-2018-10109
db:	VULHUB	id:	VHN-135548
db:	BID	id:	104362
db:	JVNDB	id:	JVNDB-2018-004935
db:	CNNVD	id:	CNNVD-201805-117
db:	NVD	id:	CVE-2018-5517

LAST UPDATE DATE

2024-11-23T22:17:29.683000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10109	date:	2018-05-23T00:00:00
db:	VULHUB	id:	VHN-135548	date:	2018-06-13T00:00:00
db:	BID	id:	104362	date:	2018-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-004935	date:	2018-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201805-117	date:	2018-05-03T00:00:00
db:	NVD	id:	CVE-2018-5517	date:	2024-11-21T04:08:58.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-10109	date:	2018-05-23T00:00:00
db:	VULHUB	id:	VHN-135548	date:	2018-05-02T00:00:00
db:	BID	id:	104362	date:	2018-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-004935	date:	2018-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201805-117	date:	2018-05-03T00:00:00
db:	NVD	id:	CVE-2018-5517	date:	2018-05-02T13:29:00.663