Denial of Service Vulnerability in BIG-IP by F5 Networks
CVE-2018-15322

6.5MEDIUM

Key Information:

Vendor: F5
Status: Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe), Big-iq Centralized Management, Big-iq Cloud And Orchestration, Iworkflow, Enterprise Manager
Vendor: CVE Published:; 31 October 2018

Summary

A vulnerability exists in certain versions of F5 Networks' BIG-IP and BIG-IQ products, where a user with tmsh access can trigger a denial of service condition. By continuously executing the 'edit cli preference' command and saving changes to alternate filenames, the user can exhaust the available storage on the /var partition. This can lead to significant system performance degradation and unavailability, impacting network operations.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6

References

https://support.f5.com/csp/article/K28003839

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2018
Vulnerability Reserved
Aug 14, 2018