Denial of Service Vulnerability in F5 BIG-IP Versions 12.1.0 to 13.0.0
CVE-2018-5509
7.5 HIGH
Key Information:
- Vendor: F5
- CVE Published: 22 March 2018
Summary
A vulnerability in F5 BIG-IP causes a specially configured virtual server to crash when it receives specific non-TCP traffic, resulting in a denial of service. This behavior arises under uncommon configurations introduced in versions 12.1.0 and 13.0.0. To mitigate the vulnerability, F5 has enhanced its configuration validation logic so that risky configurations can no longer be applied to virtual servers. Exposure is limited to the data plane; there is no control plane exposure.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebSafe) 13.0.0
BIG-IP (LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebSafe) 12.1.0 - 12.1.3.1
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved