Details of VAR-201807-2208

ID

VAR-201807-2208

CVE

CVE-2018-5532

TITLE

plural F5 BIG-IP Vulnerabilities related to security functions in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-008183

DESCRIPTION

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. plural F5 BIG-IP The product contains vulnerabilities related to security functions.Information may be tampered with. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. A security vulnerability exists in the F5 BIG-IP. A remote attacker could exploit this vulnerability to cause DNS cache data to persist on the target system. The following versions are affected: F5 BIG-IP version 13.0.0, version 12.1.0 to version 12.1.2, version 11.6.0 to version 11.6.3.1, version 11.2.1 to version 11.5.6

Trust: 1.71

sources: NVD: CVE-2018-5532 // JVNDB: JVNDB-2018-008183 // VULHUB: VHN-135563

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	11.6.3.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.1	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.4	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.3	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.1	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.2.1	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.5	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.0	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.3.0	Trust: 0.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.2	Trust: 0.6

sources: JVNDB: JVNDB-2018-008183 // CNNVD: CNNVD-201807-1556 // NVD: CVE-2018-5532

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5532
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-5532
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201807-1556
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-135563
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-5532
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-135563
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5532
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-135563 // JVNDB: JVNDB-2018-008183 // CNNVD: CNNVD-201807-1556 // NVD: CVE-2018-5532

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-254	Trust: 0.9

sources: VULHUB: VHN-135563 // JVNDB: JVNDB-2018-008183 // NVD: CVE-2018-5532

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1556

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-1556

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008183

PATCH

title:	K48224824	url:	https://support.f5.com/csp/article/K48224824	Trust: 0.8
title:	F5 BIG-IP Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84101	Trust: 0.6

sources: JVNDB: JVNDB-2018-008183 // CNNVD: CNNVD-201807-1556

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5532	Trust: 2.5
db:	SECTRACK	id:	1041345	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-008183	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1556	Trust: 0.7
db:	VULHUB	id:	VHN-135563	Trust: 0.1

sources: VULHUB: VHN-135563 // JVNDB: JVNDB-2018-008183 // CNNVD: CNNVD-201807-1556 // NVD: CVE-2018-5532

REFERENCES

url:	https://support.f5.com/csp/article/k48224824	Trust: 1.7
url:	http://www.securitytracker.com/id/1041345	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5532	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5532	Trust: 0.8

sources: VULHUB: VHN-135563 // JVNDB: JVNDB-2018-008183 // CNNVD: CNNVD-201807-1556 // NVD: CVE-2018-5532

SOURCES

db:	VULHUB	id:	VHN-135563
db:	JVNDB	id:	JVNDB-2018-008183
db:	CNNVD	id:	CNNVD-201807-1556
db:	NVD	id:	CVE-2018-5532

LAST UPDATE DATE

2024-11-23T22:45:15.735000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-135563	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-008183	date:	2018-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201807-1556	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-5532	date:	2024-11-21T04:09:00.687

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-135563	date:	2018-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2018-008183	date:	2018-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201807-1556	date:	2018-07-19T00:00:00
db:	NVD	id:	CVE-2018-5532	date:	2018-07-19T14:29:00.573