SB2018050209 - Multiple vulnerabilities in F5 BIG-IP




Published: May 2, 2018

Security Bulletin ID: SB2018050209
Severity: Medium
Patch available: YES
Number of vulnerabilities: 10
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 60%, Low: 40%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Improper resource shutdown (CVE-ID: CVE-2018-5510)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the Traffic Management Microkernel due to improper resource shutdown when processing a specific sequence of packets on IPv6 virtual servers. A remote attacker can cause the service to crash.

2) Improper resource shutdown (CVE-ID: CVE-2017-6155)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper resource shutdown. A remote attacker can submit malformed SPDY or HTTP/2 requests and cause the service to crash.

3) Improper authentication (CVE-ID: CVE-2018-5515)

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in the target Traffic Management Microkernel (TMM) component because a remote IPv6 RADIUS server can return a specially crafted authentication response. A remote attacker can cause the service to crash.

4) Improper access control (CVE-ID: CVE-2018-5519)

The vulnerability allows a remote authenticated attacker to write arbitrary files on the target system.

The weakness exists in the ssldump utility due to improper access control. A remote attacker can write to arbitrary file paths.

5) Improper access control (CVE-ID: CVE-2018-5518)

The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists in the vcmpd process due to improper access control. An adjacent attacker can cause the service to crash.

6) Information disclosure (CVE-ID: CVE-2018-5520)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in the TMOS Shell (tmsh) due to improper information control. A remote attacker can gain access to potentially sensitive information via the dig utility.

7) Information disclosure (CVE-ID: CVE-2018-5516)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in the TMOS Shell (tmsh) due to improper information control. A remote attacker can bypass tmsh restrictions and gain access to potentially sensitive information.

8) Improper resource shutdown (CVE-ID: CVE-2018-5512)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the target Traffic Management Microkernel (TMM) component due to improper resource shutdown. A remote attacker can send specially crafted traffic and cause the service to crash.

9) Improper resource shutdown (CVE-ID: CVE-2018-5514)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the target Traffic Management Microkernel (TMM) component due to improper resource shutdown. A remote attacker can send specially crafted HTTP/2 request frames and cause the service to crash.

10) Improper resource shutdown (CVE-ID: CVE-2018-5517)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the target Traffic Management Microkernel (TMM) component due to improper resource shutdown. A remote attacker can send specially crafted TCP packets to the target self IP address or FastL4 virtual server and cause the service to crash.

Remediation

Install the update from the vendor's website.