Denial of Service Vulnerability in F5 BIG-IP Versions 12.1.0 to 13.0.0
CVE-2018-5509

7.5HIGH

Key Information:

Vendor
F5
Status
Big-ip (ltm, Aam, Afm, Apm, Asm, Link Controller, Pem, Websafe)
Vendor
CVE Published:
22 March 2018

Summary

A vulnerability in F5 BIG-IP allows a specially configured virtual server to crash upon receiving specific non-TCP traffic, resulting in a denial of service. This behavior arises under uncommon configurations introduced in versions 12.1.0 and 13.0.0. To mitigate this vulnerability, F5 has enhanced configuration validation logic to prevent the application of risky configurations on virtual servers. The exposure is limited to the data plane with no control plane exposure.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebSafe) 13.0.0

BIG-IP (LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebSafe) 12.1.0 - 12.1.3.1

References

http://www.securitytracker.com/id/1040562
vdb-entryx_refsource_SECTRACK
https://support.f5.com/csp/article/K49440608
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103504
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.