Multiple vulnerabilities in F5 BIG-IP
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Improper resource shutdown
EUVDB-ID: #VU12295
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5510
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the Traffic Management Microkernel due to improper resource shutdown when processing a specific sequence of packets on IPv6 virtual servers. A remote attacker can cause the service to crash.
Update to version 11.5.6.
Vulnerable software versionsBIG-IP Analytics: 11.5.4 HF4 - 11.5.5
BIG-IP LTM: 11.5.4 HF4 - 11.5.5
BIG-IP AAM: 11.5.4 HF4 - 11.5.5
BIG-IP AFM: 11.5.4 HF4 - 11.5.5
BIG-IP APM: 11.5.4 HF4 - 11.5.5
BIG-IP ASM: 11.5.4 HF4 - 11.5.5
BIG-IP DNS: 11.5.4 HF4 - 11.5.5
BIG-IP Edge Gateway: 11.5.4 HF4 - 11.5.5
BIG-IP GTM: 11.5.4 HF4 - 11.5.5
BIG-IP PEM: 11.5.4 HF4 - 11.5.5
BIG-IP WebAccelerator: 11.5.4 HF4 - 11.5.5
BIG-IP WebSafe: 11.5.4 HF4 - 11.5.5
External linkshttp://support.f5.com/csp/article/K77671456
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper resource shutdown
EUVDB-ID: #VU12319
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6155
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper resource shutdown. A remote attacker can submit malformed SPDY or HTTP/2 requests and cause the service to crash.
Update to version 13.1.0, 13.0.1, 12.1.3.1, 11.6.3 or 11.5.6.
Vulnerable software versionsBIG-IP LTM: 11.2.1 - 13.0.0
BIG-IP AAM: 11.2.1 - 13.0.0
BIG-IP AFM: 11.2.1 - 13.0.0
BIG-IP APM: 11.2.1 - 13.0.0
BIG-IP ASM: 11.2.1 - 13.0.0
BIG-IP Edge Gateway: 11.2.1 - 13.0.0
BIG-IP Link Controller: 11.2.1 - 13.0.0
BIG-IP PEM: 11.2.1 - 13.0.0
BIG-IP PSM: 11.2.1 - 13.0.0
BIG-IP WebAccelerator: 11.2.1 - 13.0.0
BIG-IP WebSafe: 11.2.1 - 13.0.0
External linkshttp://support.f5.com/csp/article/K10930474
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper authentication
EUVDB-ID: #VU12329
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5515
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in the target Traffic Management Microkernel (TMM) component due to a remote IPv6 RADIUS server can return a specially crafted authentication response. A remote attacker can cause the service to crash.
Update to version 13.1.0.6.
Vulnerable software versionsBIG-IP LTM: 13.0.0 - 13.1.0
BIG-IP AAM: 13.0.0 - 13.1.0
BIG-IP AFM: 13.0.0 - 13.1.0
BIG-IP Analytics: 13.0.0 - 13.1.0
BIG-IP APM: 13.0.0 - 13.1.0
BIG-IP ASM: 13.0.0 - 13.1.0
BIG-IP DNS: 13.0.0 - 13.1.0
BIG-IP Edge Gateway: 13.0.0 - 13.1.0
BIG-IP GTM: 13.0.0 - 13.1.0
BIG-IP Link Controller: 13.0.0 - 13.1.0
BIG-IP PEM: 13.0.0 - 13.1.0
BIG-IP WebAccelerator: 13.0.0 - 13.1.0
BIG-IP WebSafe: 13.0.0 - 13.1.0
External linkshttp://support.f5.com/csp/article/K62750376
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU12330
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5519
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to write arbitrary files on the target system.
The weakness exists in the slldump utility due to improper access control. A remote attacker can write to arbitrary file paths.
Update to version 12.1.3.4 or 13.1.0.6.
Vulnerable software versionsBIG-IP LTM: 11.2.1 - 13.1.0
BIG-IP AAM: 11.2.1 - 13.1.0
BIG-IP AFM: 11.2.1 - 13.1.0
BIG-IP Analytics: 11.2.1 - 13.1.0
BIG-IP APM: 11.2.1 - 13.1.0
BIG-IP ASM: 11.2.1 - 13.1.0
BIG-IP DNS: 11.2.1 - 13.1.0
BIG-IP Edge Gateway: 11.2.1 - 13.1.0
BIG-IP GTM: 11.2.1 - 13.1.0
BIG-IP Link Controller: 11.2.1 - 13.1.0
BIG-IP PEM: 11.2.1 - 13.1.0
BIG-IP WebAccelerator: 11.2.1 - 13.1.0
BIG-IP WebSafe: 11.2.1 - 13.1.0
External linkshttp://support.f5.com/csp/article/K46121888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper access control
EUVDB-ID: #VU12331
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5518
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists in the vcmpd process due to improper access control. An adjacent attacker can cause the service to crash.
Update to version 12.1.3.4 or 13.1.0.6.
Vulnerable software versionsBIG-IP LTM: 12.0.0 - 13.1.0
BIG-IP AAM: 12.0.0 - 13.1.0
BIG-IP AFM: 12.0.0 - 13.1.0
BIG-IP Analytics: 12.0.0 - 13.1.0
BIG-IP APM: 12.0 HF1 - 13.1.0
BIG-IP ASM: 12.0.0 - 13.1.0
BIG-IP DNS: 12.0.0 - 13.1.0
BIG-IP Edge Gateway: 12.0.0 - 13.1.0
BIG-IP GTM: 12.0.0 - 13.1.0
BIG-IP Link Controller: 12.0.0 - 13.1.0
BIG-IP PEM: 12.0.0 - 13.1.0
BIG-IP WebAccelerator: 12.0.0 - 13.1.0
BIG-IP WebSafe: 12.0.0 - 13.1.0
External linkshttp://support.f5.com/csp/article/K03165684
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU12332
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5520
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists in the TMOS Shell (tmsh) due to improper information control. A remote attacker can gain access to potentially sensitive information via the dig utility.
Update to version 12.1.3.2 or 13.1.0.6.
Vulnerable software versionsBIG-IP LTM: 11.2.1 - 13.1.0
BIG-IP AAM: 11.2.1 - 13.1.0
BIG-IP AFM: 11.2.1 - 13.1.0
BIG-IP Analytics: 11.2.1 - 13.1.0
BIG-IP APM: 11.2.1 - 13.1.0
BIG-IP ASM: 11.2.1 - 13.1.0
BIG-IP DNS: 11.2.1 - 13.1.0
BIG-IP Edge Gateway: 11.2.1 - 13.1.0
BIG-IP GTM: 11.2.1 - 13.1.0
BIG-IP Link Controller: 11.2.1 - 13.1.0
BIG-IP PEM: 11.2.1 - 13.1.0
BIG-IP WebAccelerator: 11.2.1 - 13.1.0
BIG-IP WebSafe: 11.2.1 - 13.1.0
External linkshttp://support.f5.com/csp/article/K02043709
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU12333
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5516
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists in the TMOS Shell (tmsh) due to improper information control. A remote attacker can bypass tmsh restrictions and gain access to potentially sensitive information.
Update to version 12.1.3 or 13.1.0.6.
Vulnerable software versionsBIG-IP LTM: 11.2.1 - 13.1.0
BIG-IP AAM: 11.2.1 - 13.1.0
BIG-IP AFM: 11.2.1 - 13.1.0
BIG-IP Analytics: 11.2.1 - 13.1.0
BIG-IP APM: 11.2.1 - 13.1.0
BIG-IP ASM: 11.2.1 - 13.1.0
BIG-IP DNS: 11.2.1 - 13.1.0
BIG-IP Edge Gateway: 11.2.1 - 13.1.0
BIG-IP GTM: 11.2.1 - 13.1.0
BIG-IP Link Controller: 11.2.1 - 13.1.0
BIG-IP PEM: 11.2.1 - 13.1.0
BIG-IP WebAccelerator: 11.2.1 - 13.1.0
BIG-IP WebSafe: 11.2.1 - 13.1.0
External linkshttp://support.f5.com/csp/article/K37442533
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper resource shutdown
EUVDB-ID: #VU12334
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5512
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the target Traffic Management Microkernel (TMM) component due to improper resource shutdown. A remote attacker can send specially crafted traffic and cause the service to crash.
Update to version 13.1.0.6.
Vulnerable software versionsBIG-IP LTM: 13.1.0
BIG-IP AAM: 13.1.0
BIG-IP AFM: 13.1.0
BIG-IP Analytics: 13.1.0
BIG-IP APM: 13.1.0
BIG-IP ASM: 13.1.0
BIG-IP DNS: 13.1.0
BIG-IP Edge Gateway: 13.1.0
BIG-IP GTM: 13.1.0
BIG-IP Link Controller: 13.1.0
BIG-IP PEM: 13.1.0
BIG-IP WebAccelerator: 13.1.0
BIG-IP WebSafe: 13.1.0
External linkshttp://support.f5.com/csp/article/K51754851
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper resource shutdown
EUVDB-ID: #VU12335
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5514
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the target Traffic Management Microkernel (TMM) component due to improper resource shutdown. A remote attacker can send specially crafted HTTP/2 request frames and cause the service to crash.
Update to version 13.1.0.6.
Vulnerable software versionsBIG-IP LTM: 13.1.0
BIG-IP AAM: 13.1.0
BIG-IP AFM: 13.1.0
BIG-IP Analytics: 13.1.0
BIG-IP APM: 13.1.0
BIG-IP ASM: 13.1.0
BIG-IP DNS: 13.1.0
BIG-IP Edge Gateway: 13.1.0
BIG-IP GTM: 13.1.0
BIG-IP Link Controller: 13.1.0
BIG-IP PEM: 13.1.0
BIG-IP WebAccelerator: 13.1.0
BIG-IP WebSafe: 13.1.0
External linkshttp://support.f5.com/csp/article/K45320419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper resource shutdown
EUVDB-ID: #VU12336
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5517
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the target Traffic Management Microkernel (TMM) component due to improper resource shutdown. A remote attacker can send specially crafted TCP packets to the target self IP address or FastL4 virtual server and cause the service to crash.
Update to version 13.1.0.6.
Vulnerable software versionsBIG-IP LTM: 13.1.0
BIG-IP AAM: 13.1.0
BIG-IP AFM: 13.1.0
BIG-IP Analytics: 13.1.0
BIG-IP APM: 13.1.0
BIG-IP ASM: 13.1.0
BIG-IP DNS: 13.1.0
BIG-IP Edge Gateway: 13.1.0
BIG-IP GTM: 13.1.0
BIG-IP Link Controller: 13.1.0
BIG-IP PEM: 13.1.0
BIG-IP WebAccelerator: 13.1.0
BIG-IP WebSafe: 13.1.0
External linkshttp://support.f5.com/csp/article/K25573437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
