Details of VAR-201810-0907

ID

VAR-201810-0907

CVE

CVE-2018-15318

TITLE

plural F5 BIG-IP Product Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011703

DESCRIPTION

In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition. plural F5 BIG-IP Product Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. A security vulnerability exists in the F5 BIG-IP. An attacker could exploit this vulnerability to cause the BIG-IP system to temporarily fail to process traffic and possibly cause the device to fail over. The following versions are affected: F5 BIG-IP version 14.0.0 to 14.0.0.2, 13.1.0.4 to 13.1.1.1, 12.1.3.4 to 12.1.3.6

Trust: 1.71

sources: NVD: CVE-2018-15318 // JVNDB: JVNDB-2018-011703 // VULHUB: VHN-125565

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.3.4	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	12.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip protocol security module	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.0.1	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0.0	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	13.1.1	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.0.0	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.0.0	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.1	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0.1	Trust: 0.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	14.0.0	Trust: 0.6

sources: JVNDB: JVNDB-2018-011703 // CNNVD: CNNVD-201810-1537 // NVD: CVE-2018-15318

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15318
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-15318
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201810-1537
value:	HIGH
Trust: 0.6
VULHUB:	VHN-125565
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-15318
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-125565
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15318
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-125565 // JVNDB: JVNDB-2018-011703 // CNNVD: CNNVD-201810-1537 // NVD: CVE-2018-15318

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-125565 // JVNDB: JVNDB-2018-011703 // NVD: CVE-2018-15318

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1537

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201810-1537

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011703

PATCH

title:	K16248201	url:	https://support.f5.com/csp/article/K16248201	Trust: 0.8
title:	F5 BIG-IP Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86512	Trust: 0.6

sources: JVNDB: JVNDB-2018-011703 // CNNVD: CNNVD-201810-1537

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15318	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-011703	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1537	Trust: 0.7
db:	VULHUB	id:	VHN-125565	Trust: 0.1

sources: VULHUB: VHN-125565 // JVNDB: JVNDB-2018-011703 // CNNVD: CNNVD-201810-1537 // NVD: CVE-2018-15318

REFERENCES

url:	https://support.f5.com/csp/article/k16248201	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15318	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15318	Trust: 0.8

sources: VULHUB: VHN-125565 // JVNDB: JVNDB-2018-011703 // CNNVD: CNNVD-201810-1537 // NVD: CVE-2018-15318

SOURCES

db:	VULHUB	id:	VHN-125565
db:	JVNDB	id:	JVNDB-2018-011703
db:	CNNVD	id:	CNNVD-201810-1537
db:	NVD	id:	CVE-2018-15318

LAST UPDATE DATE

2024-11-23T22:58:50.123000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125565	date:	2018-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-011703	date:	2019-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201810-1537	date:	2018-11-01T00:00:00
db:	NVD	id:	CVE-2018-15318	date:	2024-11-21T03:50:33.037

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125565	date:	2018-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-011703	date:	2019-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201810-1537	date:	2018-11-01T00:00:00
db:	NVD	id:	CVE-2018-15318	date:	2018-10-31T14:29:00.313