SSL Decryption Vulnerability in F5 BIG-IP Products by F5 Networks
CVE-2018-5507
Key Information:
- Vendor: F5
- CVE Published: 13 April 2018
Summary
F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, and 11.5.1-11.5.5 are affected by a vulnerability in which vCMP guests running on VIPRION 2100, 4200, and 4300 series blades fail to properly decrypt ciphertext from established SSL sessions when a small MTU is in use. This flaw could potentially lead to data exposure during encrypted communications.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.3.1
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.6.1-11.6.2