SSL Decryption Vulnerability in F5 BIG-IP Products by F5 Networks
CVE-2018-5507

7.5 HIGH

Summary

F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, and 11.5.1-11.5.5 contain a vulnerability in which vCMP guests on VIPRION 2100, 4200, and 4300 series blades fail to properly decrypt ciphertext from established SSL sessions when a small MTU is in use. This flaw could lead to data exposure during encrypted communications.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.3.1

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.6.1-11.6.2

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
