Details of VAR-201807-2204

ID

VAR-201807-2204

CVE

CVE-2018-5539

TITLE

F5 BIG-IP ASM Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008088

DESCRIPTION

Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file. F5 BIG-IP ASM Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP ASM is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attackers to cause the affected device to restart, denying service to legitimate users. F5 BIG-IP ASM (Application Security Manager) is a Web Application Firewall (WAF) of F5 Corporation in the United States. It provides secure remote access, protects emails, simplifies Web access control, and enhances network and application performance. An attacker could exploit this vulnerability to cause the affected BIG-IP ASM system to be unable to process traffic. Affected by version: F5 BIG-IP ASM 13.0.0 to 13.1.0.7, 12.1.0 to 12.1.3.5, 11.6.0 to 11.6.3.1, 11.5.1 to 11.5.6, Version 11.2.1

Trust: 1.98

sources: NVD: CVE-2018-5539 // JVNDB: JVNDB-2018-008088 // BID: 104921 // VULHUB: VHN-135570

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.2.1	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.6.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.4	Trust: 0.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.1	Trust: 0.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.3	Trust: 0.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.1	Trust: 0.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.5	Trust: 0.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.1	Trust: 0.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.0	Trust: 0.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.2	Trust: 0.6
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5.6	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	11.5.7	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	13.1.0.8	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	12.1.3.6	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	11.6.3.2	Trust: 0.3

sources: BID: 104921 // JVNDB: JVNDB-2018-008088 // CNNVD: CNNVD-201807-1841 // NVD: CVE-2018-5539

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5539
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-5539
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201807-1841
value:	HIGH
Trust: 0.6
VULHUB:	VHN-135570
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-5539
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-135570
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5539
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-135570 // JVNDB: JVNDB-2018-008088 // CNNVD: CNNVD-201807-1841 // NVD: CVE-2018-5539

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-135570 // JVNDB: JVNDB-2018-008088 // NVD: CVE-2018-5539

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1841

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1841

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008088

PATCH

title:	K75432956	url:	https://support.f5.com/csp/article/K75432956	Trust: 0.8
title:	F5 BIG-IP ASM Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82619	Trust: 0.6

sources: JVNDB: JVNDB-2018-008088 // CNNVD: CNNVD-201807-1841

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5539	Trust: 2.8
db:	BID	id:	104921	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-008088	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1841	Trust: 0.7
db:	VULHUB	id:	VHN-135570	Trust: 0.1

sources: VULHUB: VHN-135570 // BID: 104921 // JVNDB: JVNDB-2018-008088 // CNNVD: CNNVD-201807-1841 // NVD: CVE-2018-5539

REFERENCES

url:	https://support.f5.com/csp/article/k75432956	Trust: 2.0
url:	http://www.securityfocus.com/bid/104921	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5539	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5539	Trust: 0.8
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-135570 // BID: 104921 // JVNDB: JVNDB-2018-008088 // CNNVD: CNNVD-201807-1841 // NVD: CVE-2018-5539

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 104921

SOURCES

db:	VULHUB	id:	VHN-135570
db:	BID	id:	104921
db:	JVNDB	id:	JVNDB-2018-008088
db:	CNNVD	id:	CNNVD-201807-1841
db:	NVD	id:	CVE-2018-5539

LAST UPDATE DATE

2024-11-23T21:52:56.723000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-135570	date:	2020-08-24T00:00:00
db:	BID	id:	104921	date:	2018-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-008088	date:	2018-10-09T00:00:00
db:	CNNVD	id:	CNNVD-201807-1841	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2018-5539	date:	2024-11-21T04:09:01.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-135570	date:	2018-07-25T00:00:00
db:	BID	id:	104921	date:	2018-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-008088	date:	2018-10-09T00:00:00
db:	CNNVD	id:	CNNVD-201807-1841	date:	2018-07-26T00:00:00
db:	NVD	id:	CVE-2018-5539	date:	2018-07-25T14:29:00.430