Details of VAR-201810-0901

ID

VAR-201810-0901

CVE

CVE-2018-15323

TITLE

plural F5 BIG-IP Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-011696

DESCRIPTION

On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple F5 BIG-IP Products are prone to a denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause a denial-of-service condition due to excessive memory consumption. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. Attackers can use this vulnerability to cause the BIG-IP system to temporarily fail to process traffic and may cause the device to fail over, resulting in a denial of service

Trust: 1.98

sources: NVD: CVE-2018-15323 // JVNDB: JVNDB-2018-011696 // BID: 106562 // VULHUB: VHN-125571

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.1	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.1	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0.0	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.0.0	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0.1	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.0.0	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.0.0	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.0.0	Trust: 0.6
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	13.1.1.2	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	ne	version:	13.1.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	13.1.1.2	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	13.1.1.2	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	13.1.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	13.1.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	13.1.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	13.1.1.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	14.0.0.3	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	13.1.1.2	Trust: 0.3

sources: BID: 106562 // JVNDB: JVNDB-2018-011696 // CNNVD: CNNVD-201810-1542 // NVD: CVE-2018-15323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15323
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15323
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-1542
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125571
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-15323
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-125571
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15323
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-125571 // JVNDB: JVNDB-2018-011696 // CNNVD: CNNVD-201810-1542 // NVD: CVE-2018-15323

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-125571 // JVNDB: JVNDB-2018-011696 // NVD: CVE-2018-15323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1542

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201810-1542

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011696

PATCH

title:	K26583415	url:	https://support.f5.com/csp/article/K26583415	Trust: 0.8
title:	F5 BIG-IP Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86517	Trust: 0.6

sources: JVNDB: JVNDB-2018-011696 // CNNVD: CNNVD-201810-1542

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15323	Trust: 2.8
db:	JVNDB	id:	JVNDB-2018-011696	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1542	Trust: 0.7
db:	BID	id:	106562	Trust: 0.3
db:	VULHUB	id:	VHN-125571	Trust: 0.1

sources: VULHUB: VHN-125571 // BID: 106562 // JVNDB: JVNDB-2018-011696 // CNNVD: CNNVD-201810-1542 // NVD: CVE-2018-15323

REFERENCES

url:	https://support.f5.com/csp/article/k26583415	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15323	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15323	Trust: 0.8
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-125571 // BID: 106562 // JVNDB: JVNDB-2018-011696 // CNNVD: CNNVD-201810-1542 // NVD: CVE-2018-15323

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106562

SOURCES

db:	VULHUB	id:	VHN-125571
db:	BID	id:	106562
db:	JVNDB	id:	JVNDB-2018-011696
db:	CNNVD	id:	CNNVD-201810-1542
db:	NVD	id:	CVE-2018-15323

LAST UPDATE DATE

2024-11-23T22:55:43.128000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125571	date:	2018-12-11T00:00:00
db:	BID	id:	106562	date:	2018-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-011696	date:	2019-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201810-1542	date:	2018-11-01T00:00:00
db:	NVD	id:	CVE-2018-15323	date:	2024-11-21T03:50:33.717

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125571	date:	2018-10-31T00:00:00
db:	BID	id:	106562	date:	2018-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-011696	date:	2019-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201810-1542	date:	2018-11-01T00:00:00
db:	NVD	id:	CVE-2018-15323	date:	2018-10-31T14:29:00.580