Multiple vulnerabilities in F5 BIG-IP



Published: 2018-05-17 | Updated: 2018-05-22
Risk: Medium
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2017-6143, CVE-2017-6156, CVE-2017-6148, CVE-2018-5507, CVE-2018-5506, CVE-2018-5511, CVE-2018-5508, CVE-2017-6158
CWE-ID: CWE-20, CWE-404, CWE-307, CWE-77, CWE-19
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
BIG-IP AFM
Hardware solutions / Security hardware appliances

BIG-IP LTM
Hardware solutions / Security hardware appliances

BIG-IP Analytics
Hardware solutions / Security hardware appliances

BIG-IP APM
Hardware solutions / Security hardware appliances

BIG-IP ASM
Hardware solutions / Security hardware appliances

BIG-IP GTM
Hardware solutions / Security hardware appliances

BIG-IP PEM
Hardware solutions / Security hardware appliances

BIG-IP AAM
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Edge Gateway
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP WebAccelerator
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP WebSafe
Server applications / Server solutions for antivirus protection

Enterprise Manager
Client/Desktop applications / Other client software

Vendor: F5 Networks

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU12772

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6143

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, so the remote server's identity is not properly validated. A remote attacker can gain access to potentially sensitive information.

Mitigation

Update to versions 13.0.0, 12.1.2 HF1, 11.6.3 or 11.5.6.

Vulnerable software versions

BIG-IP AFM: 11.5.1 - 12.1.2

External links

http://support.f5.com/csp/article/K11464209


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU12774

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6156

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation when the system is configured with a wildcard IPSec tunnel endpoint. A remote attacker can disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations.

Mitigation

Update to versions 13.0.0, 12.1.2, 11.6.1 HF2 or 11.5.6.

Vulnerable software versions

BIG-IP LTM: 11.2.1 - 12.1.1

BIG-IP AAM: 11.2.1 - 12.1.1

BIG-IP AFM: 11.2.1 - 12.1.1

BIG-IP Analytics: 11.2.1 - 12.1.1

BIG-IP APM: 11.2.1 - 12.1.1

BIG-IP ASM: 11.2.1 - 12.1.1

BIG-IP DNS: 11.2.1 - 12.1.1

BIG-IP Edge Gateway: 11.2.1 - 12.1.1

BIG-IP GTM: 11.2.1 - 12.1.1

BIG-IP Link Controller: 11.2.1 - 12.1.1

BIG-IP PEM: 11.2.1 - 12.1.1

BIG-IP WebAccelerator: 11.2.1 - 12.1.1

BIG-IP WebSafe: 11.2.1 - 12.1.1

External links

http://support.f5.com/csp/article/K05263202


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper resource shutdown

EUVDB-ID: #VU12805

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6148

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to responses to SOCKS proxy requests made through the BIG-IP system. A remote attacker can cause the service to crash.

Mitigation

Update to versions 11.5.6, 11.6.3, 12.1.3.2, 13.0.1 or 13.1.0.

Vulnerable software versions

BIG-IP LTM: 11.5.1 - 13.0.0

BIG-IP AAM: 11.5.1 - 13.0.0

BIG-IP AFM: 11.5.1 - 13.0.0

BIG-IP APM: 11.5.1 - 13.0.0

BIG-IP ASM: 11.5.1 - 13.0.0

BIG-IP Link Controller: 11.5.1 - 13.0.0

BIG-IP PEM: 11.5.1 - 13.0.0

BIG-IP WebSafe: 11.5.1 - 13.0.0

External links

http://support.f5.com/csp/article/K55225440


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper resource shutdown

EUVDB-ID: #VU12806

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5507

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists due to incorrect decryption of ciphertext from established SSL sessions with small MTU. An adjacent attacker can cause the service to crash.

Mitigation

Update to versions 11.5.6, 11.6.3, 12.1.3.2, 13.0.1 or 13.1.0.

Vulnerable software versions

BIG-IP LTM: 11.5.1 - 13.0.0

BIG-IP AAM: 11.5.1 - 13.0.0

BIG-IP AFM: 11.5.1 - 13.0.0

BIG-IP APM: 11.5.1 - 13.0.0

BIG-IP ASM: 11.5.1 - 13.0.0

BIG-IP Link Controller: 11.5.1 - 13.0.0

BIG-IP PEM: 11.5.1 - 13.0.0

BIG-IP WebSafe: 11.5.1 - 13.0.0

External links

http://support.f5.com/csp/article/K52521791


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Brute-force attack

EUVDB-ID: #VU12849

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5506

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists in the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp due to handling of invalid IP addresses. A remote attacker can brute-force the em_server_ip authorization parameter to learn which SSL client certificates are used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices.

Mitigation

Update to versions 11.5.6, 11.6.2, 12.1.3.2, 13.0.0 HF1, 13.0.1 or 13.1.0.

Vulnerable software versions

BIG-IP LTM: 11.2.1 - 13.0.0

BIG-IP AAM: 11.2.1 - 13.0.0

BIG-IP AFM: 11.2.1 - 13.0.0

BIG-IP Analytics: 11.2.1 - 13.0.0

BIG-IP APM: 11.2.1 - 13.0.0

BIG-IP ASM: 11.2.1 - 13.0.0

BIG-IP DNS: 11.2.1 - 13.0.0

BIG-IP Edge Gateway: 11.2.1 - 13.0.0

BIG-IP GTM: 11.2.1 - 13.0.0

BIG-IP Link Controller: 11.2.1 - 13.0.0

BIG-IP PEM: 11.2.1 - 13.0.0

BIG-IP WebAccelerator: 11.2.1 - 13.0.0

BIG-IP WebSafe: 11.2.1 - 13.0.0

External links

http://support.f5.com/csp/article/K65355492


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Command injection

EUVDB-ID: #VU12846

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5511

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists in the Traffic Management User Interface due to command injection. A remote attacker can execute arbitrary commands with root privileges.

Mitigation

Update to version 13.1.0.4 or 13.0.1.

Vulnerable software versions

Enterprise Manager: 3.1.1

BIG-IP LTM: 13.0.0 - 13.1.0

BIG-IP AAM: 13.0.0 - 13.1.0

BIG-IP AFM: 13.0.0 - 13.1.0

BIG-IP Analytics: 13.0.0 - 13.1.0

BIG-IP APM: 13.0.0 - 13.1.0

BIG-IP ASM: 13.0.0 - 13.1.0

BIG-IP DNS: 13.0.0 - 13.1.0

BIG-IP Edge Gateway: 13.0.0 - 13.1.0

BIG-IP GTM: 13.0.0 - 13.1.0

BIG-IP Link Controller: 13.0.0 - 13.1.0

BIG-IP PEM: 13.0.0 - 13.1.0

BIG-IP WebAccelerator: 13.0.0 - 13.1.0

BIG-IP WebSafe: 13.0.0 - 13.1.0

External links

http://support.f5.com/csp/article/K30500703


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Data handling

EUVDB-ID: #VU12844

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5508

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in TMM due to processing compressed data through a Virtual Server with an associated PEM profile using the content insertion option. A remote attacker can cause the service to crash.

Mitigation

Update to versions 13.1.0, 12.1.3.2, 11.6.3 or 11.5.6.

Vulnerable software versions

BIG-IP PEM: 11.2.1 - 13.0.0

External links

http://support.f5.com/csp/article/K10329515


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Data handling

EUVDB-ID: #VU12843

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6158

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in TMM due to handling of invalid IP addresses. A remote attacker can cause the service to crash.

Mitigation

Update to versions 11.5.6, 11.6.2, 12.1.3 or 13.0.0.

Vulnerable software versions

BIG-IP LTM: 11.2.1 - 12.1.2

BIG-IP AAM: 11.2.1 - 12.1.2

BIG-IP AFM: 11.2.1 - 12.1.2

BIG-IP Analytics: 11.2.1 - 12.1.2

BIG-IP APM: 11.2.1 - 12.1.2

BIG-IP ASM: 11.2.1 - 12.1.2

BIG-IP DNS: 11.2.1 - 12.1.2

BIG-IP Edge Gateway: 11.2.1 - 12.1.2

BIG-IP GTM: 11.2.1 - 12.1.2

BIG-IP Link Controller: 11.2.1 - 12.1.2

BIG-IP PEM: 11.2.1 - 12.1.2

BIG-IP WebAccelerator: 11.2.1 - 12.1.2

BIG-IP WebSafe: 11.2.1 - 12.1.2

External links

http://support.f5.com/csp/article/K19361245


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


