Flow Management Vulnerability in BIG-IP by F5 Networks
CVE-2018-15318

7.5 HIGH

Summary

A vulnerability in F5 Networks' BIG-IP product may lead to unanticipated behavior during the handling of MPTCP connections. If an MPTCP connection receives an abort signal while its initial flow is not designated as the primary flow, it remains active even after the completion of the closing procedure. This can cause TMM (Traffic Management Microkernel) to restart, which may result in the generation of a core file, potentially affecting system stability.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, 12.1.3.4-12.1.3.6

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
