Multiple vulnerabilities in F5 BIG-IP



Published: 2018-06-29 | Updated: 2018-07-04
Risk: Low
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2018-5527, CVE-2018-5528, CVE-2018-5522, CVE-2017-6153, CVE-2018-5525, CVE-2018-5523
CWE-ID: CWE-400, CWE-20, CWE-200, CWE-77
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
BIG-IP LTM
Hardware solutions / Security hardware appliances

BIG-IP AFM
Hardware solutions / Security hardware appliances

BIG-IP Analytics
Hardware solutions / Security hardware appliances

BIG-IP APM
Hardware solutions / Security hardware appliances

BIG-IP ASM
Hardware solutions / Security hardware appliances

BIG-IP GTM
Hardware solutions / Security hardware appliances

BIG-IP PEM
Hardware solutions / Security hardware appliances

BIG-IP AAM
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Edge Gateway
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP WebAccelerator
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP WebSafe
Server applications / Server solutions for antivirus protection

BIG-IP
Hardware solutions / Firmware

Vendor: F5 Networks

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU13510

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5527

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists in virtual servers configured with a Client SSL or Server SSL profile due to a flaw in the SSL Forward Proxy feature. A remote unauthenticated attacker can cause the target Traffic Management Microkernel (TMM) to consume excessive memory and cause performance degradation or a system reboot.

Mitigation

The vulnerability is fixed in version 13.1.0.8.

Vulnerable software versions

BIG-IP LTM: 13.0.0 - 13.1.0

BIG-IP AAM: 13.0.0 - 13.1.0

BIG-IP AFM: 13.0.0 - 13.1.0

BIG-IP Analytics: 13.0.0 - 13.1.0

BIG-IP APM: 13.0.0 - 13.1.0

BIG-IP ASM: 13.0.0 - 13.1.0

BIG-IP DNS: 13.0.0 - 13.1.0

BIG-IP Edge Gateway: 13.0.0 - 13.1.0

BIG-IP GTM: 13.0.0 - 13.1.0

BIG-IP Link Controller: 13.0.0 - 13.1.0

BIG-IP PEM: 13.0.0 - 13.1.0

BIG-IP WebSafe: 13.0.0 - 13.1.0

BIG-IP WebAccelerator: 13.0.0 - 13.1.0

External links

http://support.f5.com/csp/article/K20134942


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU13524

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5528

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to insufficient input validation. A remote unauthenticated attacker can send specially crafted BIG-IP APM data and cause the target Traffic Management Microkernel (TMM) to restart.

Mitigation

The vulnerability is fixed in version 13.1.0.8.

Vulnerable software versions

BIG-IP WebAccelerator: 13.0.0 - 13.1.0

BIG-IP WebSafe: 13.0.0 - 13.1.0

BIG-IP PEM: 13.0.0 - 13.1.0

BIG-IP Link Controller: 13.0.0 - 13.1.0

BIG-IP GTM: 13.0.0 - 13.1.0

BIG-IP Edge Gateway: 13.0.0 - 13.1.0

BIG-IP DNS: 13.0.0 - 13.1.0

BIG-IP ASM: 13.0.0 - 13.1.0

BIG-IP APM: 13.0.0 - 13.1.0

BIG-IP Analytics: 13.0.0 - 13.1.0

BIG-IP AFM: 13.0.0 - 13.1.0

BIG-IP AAM: 13.0.0 - 13.1.0

BIG-IP LTM: 13.0.0 - 13.1.0

External links

http://support.f5.com/csp/article/K27044729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU13562

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5522

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The weakness exists due to an error when processing DIAMETER transactions. A remote attacker can supply specially crafted attribute-value pairs and cause TMM to crash.

Mitigation

The vulnerability is addressed in versions 11.6.3.2, 11.5.6, 12.1.3, 13.1.0.

Vulnerable software versions

BIG-IP: 11.2.1 - 13.0.0

External links

http://support.f5.com/csp/article/K54130510


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Denial of service

EUVDB-ID: #VU13561

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6153

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The weakness exists due to a flaw in features that use inflate functionality directly. A remote attacker can use an iRule, or the inflate code from the PEM module, to conduct a "Zip Bomb" attack and cause the service to crash.

Mitigation

The vulnerability is addressed in versions 11.6.3.2, 11.5.6, 12.1.3.2, 13.1.0.4.

Vulnerable software versions

BIG-IP: 11.2.1 - 13.1.0

External links

http://support.f5.com/csp/article/K52167636


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU13560

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5525

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists in the F5 BIG-IP Configuration utility due to exposure of files containing F5-provided data only. A local attacker can gain access to arbitrary data.

Mitigation

The vulnerability is addressed in versions 11.6.3.2, 11.5.6, 12.1.3, 12.1.2 HF1, 13.1.0, 13.0.0 HF1.

Vulnerable software versions

BIG-IP: 11.2.1 - 13.0.0

External links

http://support.f5.com/csp/article/K00363258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Command injection

EUVDB-ID: #VU13559

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5523

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote administrative attacker to execute arbitrary commands on the target system.

The weakness exists due to command injection. A remote attacker can inject and run arbitrary commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility.

Mitigation

The vulnerability is addressed in versions 11.5.6, 11.6.3.2, 12.1.3.2, 13.0.1, 13.1.0.4.

Vulnerable software versions

BIG-IP: 11.2.1 - 13.1.0

External links

http://support.f5.com/csp/article/K50254952


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


