Details of VAR-201805-0925

ID

VAR-201805-0925

CVE

CVE-2018-5518

TITLE

plural F5 BIG-IP Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-004936

DESCRIPTION

On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required. plural F5 BIG-IP The product contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. An attacker can exploit this issue to cause a denial-of-service condition. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP AAM version 13.0.0 to 13.1.0.5, 12.1.0 to version 12.1.3; BIG-IP AFM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3; BIG-IP Analytics version 13.0.0 to version 13.1.0.5, version 12.1.0 to 12.1 .3 versions; BIG-IP APM versions 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP ASM versions 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3 Versions; BIG-IP DNS 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP Edge Gateway 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3 ; BIG-IP GTM versions 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP Link Controller 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP PEM Version 13.0.0 through Version 13.1.0.5, Version 12.1.0 through Version 12.1.3; BIG-IP WebAccelerator Version 13.0.0 through Version 13.1.0.5, Version 12.1.0 through Version 12.1.3; BIG- IP WebSafe version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3

Trust: 2.52

sources: NVD: CVE-2018-5518 // JVNDB: JVNDB-2018-004936 // CNVD: CNVD-2018-10104 // BID: 107016 // VULHUB: VHN-135549

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-10104

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip ltm	scope:	gte	version:	13.0.0<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip ltm	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip aam	scope:	gte	version:	13.0.0<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip aam	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip afm	scope:	gte	version:	13.0.0<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip afm	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.0.0,<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip apm	scope:	gte	version:	13.0.0<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip apm	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip asm	scope:	gte	version:	13.0.0<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip asm	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip dns	scope:	gte	version:	13.0.0<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip dns	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.0.0,<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip gtm	scope:	gte	version:	13.0.0<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip gtm	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.0.0,<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip pem	scope:	gte	version:	13.0.0<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip pem	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.0.0,<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	websafe	scope:	gte	version:	13.0.0<=13.1.0.5	Trust: 0.6
vendor:	f5	model:	websafe	scope:	gte	version:	12.1.0,<=12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0.0	Trust: 0.6
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.0	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.1	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0	Trust: 0.6
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.0.0	Trust: 0.6
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.1	Trust: 0.6
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.0	Trust: 0.6
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.0.0	Trust: 0.6
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.1	Trust: 0.6
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.0.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	12.1.3.4	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	12.1.3.4	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	12.1.3.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	12.1.3.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	12.1.3.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	12.1.3.4	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	12.1.3.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	12.1.3.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	12.1.3.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	12.1.3.4	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	12.1.3.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	13.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	12.1.3.4	Trust: 0.3

sources: CNVD: CNVD-2018-10104 // BID: 107016 // JVNDB: JVNDB-2018-004936 // CNNVD: CNNVD-201805-116 // NVD: CVE-2018-5518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5518
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-5518
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-10104
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201805-116
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-135549
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-5518
severity:	LOW
baseScore:	2.3
vectorString:	AV:A/AC:M/AU:S/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-10104
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-135549
severity:	LOW
baseScore:	2.3
vectorString:	AV:A/AC:M/AU:S/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5518
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-10104 // VULHUB: VHN-135549 // JVNDB: JVNDB-2018-004936 // CNNVD: CNNVD-201805-116 // NVD: CVE-2018-5518

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-135549 // JVNDB: JVNDB-2018-004936 // NVD: CVE-2018-5518

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201805-116

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-116

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004936

PATCH

title:	K03165684	url:	https://support.f5.com/csp/article/K03165684	Trust: 0.8
title:	Patch for multiple F5 product denial of service vulnerabilities (CNVD-2018-10104)	url:	https://www.cnvd.org.cn/patchInfo/show/129959	Trust: 0.6
title:	Multiple F5 Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79849	Trust: 0.6

sources: CNVD: CNVD-2018-10104 // JVNDB: JVNDB-2018-004936 // CNNVD: CNNVD-201805-116

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5518	Trust: 3.4
db:	SECTRACK	id:	1040797	Trust: 2.3
db:	JVNDB	id:	JVNDB-2018-004936	Trust: 0.8
db:	CNVD	id:	CNVD-2018-10104	Trust: 0.6
db:	CNNVD	id:	CNNVD-201805-116	Trust: 0.6
db:	BID	id:	107016	Trust: 0.3
db:	VULHUB	id:	VHN-135549	Trust: 0.1

sources: CNVD: CNVD-2018-10104 // VULHUB: VHN-135549 // BID: 107016 // JVNDB: JVNDB-2018-004936 // CNNVD: CNNVD-201805-116 // NVD: CVE-2018-5518

REFERENCES

url:	https://support.f5.com/csp/article/k03165684	Trust: 2.0
url:	http://www.securitytracker.com/id/1040797	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5518	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5518	Trust: 0.8
url:	https://securitytracker.com/id/1040797	Trust: 0.6
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: CNVD: CNVD-2018-10104 // VULHUB: VHN-135549 // BID: 107016 // JVNDB: JVNDB-2018-004936 // CNNVD: CNNVD-201805-116 // NVD: CVE-2018-5518

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 107016

SOURCES

db:	CNVD	id:	CNVD-2018-10104
db:	VULHUB	id:	VHN-135549
db:	BID	id:	107016
db:	JVNDB	id:	JVNDB-2018-004936
db:	CNNVD	id:	CNNVD-201805-116
db:	NVD	id:	CVE-2018-5518

LAST UPDATE DATE

2024-11-23T22:22:05.186000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10104	date:	2018-05-23T00:00:00
db:	VULHUB	id:	VHN-135549	date:	2019-10-03T00:00:00
db:	BID	id:	107016	date:	2018-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-004936	date:	2018-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201805-116	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-5518	date:	2024-11-21T04:08:58.750

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-10104	date:	2018-05-23T00:00:00
db:	VULHUB	id:	VHN-135549	date:	2018-05-02T00:00:00
db:	BID	id:	107016	date:	2018-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-004936	date:	2018-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201805-116	date:	2018-05-03T00:00:00
db:	NVD	id:	CVE-2018-5518	date:	2018-05-02T13:29:00.740