Details of VAR-201810-0897

ID

VAR-201810-0897

CVE

CVE-2018-15311

TITLE

plural F5 BIG-IP Product Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010864

DESCRIPTION

When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0. plural F5 BIG-IP Product Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. A security vulnerability exists in the F5 BIG-IP. When the Large Receive Offload function is enabled, an attacker can exploit this vulnerability to cause TMM to restart. The following versions are affected: F5 BIG-IP version 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3.5, 11.6.0 to 11.6.3.2, 11.5.1 to 11.5.6

Trust: 1.71

sources: NVD: CVE-2018-15311 // JVNDB: JVNDB-2018-010864 // VULHUB: VHN-125558

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	11.5.6	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.1.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	12.1.3.5	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	11.6.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.0.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	13.1.0.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.1	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.6.3	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.6.1	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.6.2	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.3	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0.1	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.2	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.5.6	Trust: 0.6

sources: JVNDB: JVNDB-2018-010864 // CNNVD: CNNVD-201810-497 // NVD: CVE-2018-15311

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15311
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15311
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-497
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125558
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-15311
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-125558
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15311
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-125558 // JVNDB: JVNDB-2018-010864 // CNNVD: CNNVD-201810-497 // NVD: CVE-2018-15311

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-125558 // JVNDB: JVNDB-2018-010864 // NVD: CVE-2018-15311

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-497

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201810-497

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010864

PATCH

title:	K07550539	url:	https://support.f5.com/csp/article/K07550539	Trust: 0.8
title:	F5 BIG-IP Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85664	Trust: 0.6

sources: JVNDB: JVNDB-2018-010864 // CNNVD: CNNVD-201810-497

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15311	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-010864	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-497	Trust: 0.7
db:	VULHUB	id:	VHN-125558	Trust: 0.1

sources: VULHUB: VHN-125558 // JVNDB: JVNDB-2018-010864 // CNNVD: CNNVD-201810-497 // NVD: CVE-2018-15311

REFERENCES

url:	https://support.f5.com/csp/article/k07550539	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15311	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15311	Trust: 0.8

sources: VULHUB: VHN-125558 // JVNDB: JVNDB-2018-010864 // CNNVD: CNNVD-201810-497 // NVD: CVE-2018-15311

SOURCES

db:	VULHUB	id:	VHN-125558
db:	JVNDB	id:	JVNDB-2018-010864
db:	CNNVD	id:	CNNVD-201810-497
db:	NVD	id:	CVE-2018-15311

LAST UPDATE DATE

2024-11-23T22:30:12.643000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125558	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-010864	date:	2018-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201810-497	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-15311	date:	2024-11-21T03:50:31.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125558	date:	2018-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-010864	date:	2018-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201810-497	date:	2018-10-11T00:00:00
db:	NVD	id:	CVE-2018-15311	date:	2018-10-10T14:29:00.387