ID

VAR-201806-1551


CVE

CVE-2018-5524


TITLE

Configuration vulnerability in multiple F5 BIG-IP products

Trust: 0.8

sources: JVNDB: JVNDB-2018-006245

DESCRIPTION

Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue. Multiple F5 BIG-IP products contain a vulnerability related to environment settings. Exploitation may result in a denial-of-service (DoS) condition. F5 BIG-IP LTM and the other listed products are all products of F5, a company based in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Security flaws exist in several F5 products. An attacker could exploit this vulnerability to cause a denial of service.

The following products and versions are affected: F5 BIG-IP LTM versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP AAM versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP AFM versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP Analytics versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP APM versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP ASM versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP Edge Gateway versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP FPS versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP Link Controller versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; PEM; BIG-IP WebAccelerator versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3.

Trust: 1.71

sources: NVD: CVE-2018-5524 // JVNDB: JVNDB-2018-006245 // VULHUB: VHN-135555

AFFECTED PRODUCTS

vendor: f5, model: big-ip webaccelerator, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: lte, version: 11.6.3

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 12.1.3

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lte, version: 12.1.3

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: lte, version: 11.6.3

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: lte, version: 11.6.3

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: lte, version: 13.0.1

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: lte, version: 13.0.1

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: lte, version: 13.0.1

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: lte, version: 12.1.3

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: lte, version: 12.1.3

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lte, version: 11.6.3

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lte, version: 11.6.3

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: lte, version: 11.6.3

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: lte, version: 12.1.3

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: lte, version: 13.0.1

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 11.6.3

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: lte, version: 13.0.1

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: lte, version: 13.0.1

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lte, version: 11.6.3

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: lte, version: 12.1.3

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: lte, version: 12.1.3

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: lte, version: 12.1.3

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: lte, version: 11.6.3

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lte, version: 13.0.1

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: lte, version: 13.0.1

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lte, version: 13.0.1

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: lte, version: 11.6.3

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: lte, version: 11.6.3

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: lte, version: 12.1.3

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 13.0.1

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lte, version: 12.1.3

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lte, version: 12.1.3

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lte, version: 13.0.1

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip advanced firewall manager, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip analytics, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip application acceleration manager, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip application security manager, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip edge gateway, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip fraud protection service, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip link controller, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip local traffic manager, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip policy enforcement manager, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip webaccelerator, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip analytics, scope: eq, version: 11.6.1

Trust: 0.6

vendor: f5, model: big-ip advanced firewall manager, scope: eq, version: 11.6.1

Trust: 0.6

vendor: f5, model: big-ip advanced firewall manager, scope: eq, version: 12.1.0

Trust: 0.6

vendor: f5, model: big-ip local traffic manager, scope: eq, version: 12.1.1

Trust: 0.6

vendor: f5, model: big-ip local traffic manager, scope: eq, version: 11.6.1

Trust: 0.6

vendor: f5, model: big-ip local traffic manager, scope: eq, version: 12.1.0

Trust: 0.6

vendor: f5, model: big-ip application acceleration manager, scope: eq, version: 12.1.1

Trust: 0.6

vendor: f5, model: big-ip application acceleration manager, scope: eq, version: 11.6.1

Trust: 0.6

vendor: f5, model: big-ip application acceleration manager, scope: eq, version: 12.1.0

Trust: 0.6

vendor: f5, model: big-ip advanced firewall manager, scope: eq, version: 12.1.1

Trust: 0.6

sources: JVNDB: JVNDB-2018-006245 // CNNVD: CNNVD-201806-143 // NVD: CVE-2018-5524

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5524
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-5524
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201806-143
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135555
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5524
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-135555
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5524
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135555 // JVNDB: JVNDB-2018-006245 // CNNVD: CNNVD-201806-143 // NVD: CVE-2018-5524

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-16

Trust: 0.9

sources: VULHUB: VHN-135555 // JVNDB: JVNDB-2018-006245 // NVD: CVE-2018-5524

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-143

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-201806-143

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006245

PATCH

title: K53931245, url: https://support.f5.com/csp/article/K53931245

Trust: 0.8

title: Multiple F5 Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80500

Trust: 0.6

sources: JVNDB: JVNDB-2018-006245 // CNNVD: CNNVD-201806-143

EXTERNAL IDS

db: NVD, id: CVE-2018-5524

Trust: 2.5

db: SECTRACK, id: 1041020

Trust: 1.7

db: JVNDB, id: JVNDB-2018-006245

Trust: 0.8

db: CNNVD, id: CNNVD-201806-143

Trust: 0.7

db: VULHUB, id: VHN-135555

Trust: 0.1

sources: VULHUB: VHN-135555 // JVNDB: JVNDB-2018-006245 // CNNVD: CNNVD-201806-143 // NVD: CVE-2018-5524

REFERENCES

url:https://support.f5.com/csp/article/k53931245

Trust: 1.7

url:http://www.securitytracker.com/id/1041020

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5524

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5524

Trust: 0.8

sources: VULHUB: VHN-135555 // JVNDB: JVNDB-2018-006245 // CNNVD: CNNVD-201806-143 // NVD: CVE-2018-5524

SOURCES

db: VULHUB, id: VHN-135555
db: JVNDB, id: JVNDB-2018-006245
db: CNNVD, id: CNNVD-201806-143
db: NVD, id: CVE-2018-5524

LAST UPDATE DATE

2024-11-23T22:48:41.685000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-135555, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-006245, date: 2018-08-13T00:00:00
db: CNNVD, id: CNNVD-201806-143, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-5524, date: 2024-11-21T04:08:59.610

SOURCES RELEASE DATE

db: VULHUB, id: VHN-135555, date: 2018-06-01T00:00:00
db: JVNDB, id: JVNDB-2018-006245, date: 2018-08-13T00:00:00
db: CNNVD, id: CNNVD-201806-143, date: 2018-06-04T00:00:00
db: NVD, id: CVE-2018-5524, date: 2018-06-01T14:29:00.627