Denial of Service Vulnerability in F5 BIG-IP Software by Malicious VCMP Root User
CVE-2018-5518

5.4MEDIUM

Key Information:

Vendor: F5
Status: Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe)
Vendor: CVE Published:; 2 May 2018

Summary

A vulnerability exists in F5 BIG-IP software that allows malicious root users with access to a Virtual Clustered Multiprocessing (VCMP) guest to disrupt the service of adjacent VCMP guests hosted on the same system. Specifically, when this vulnerability is exploited, the vCMPd process on the affected VCMP guest may restart, resulting in potential service interruptions and the generation of core files. It is important to note that this vulnerability can only be leveraged when the VCMP guest is configured in 'host-only' or 'bridged' mode; isolated guests are unaffected. Additionally, guests running in 'Appliance Mode' may face risks, but no exploit can be executed from these types of guests. To successfully exploit this vulnerability, root access to the vulnerable VCMP guest is required.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0-13.1.0.5

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.0.0-12.1.3.3

References

https://support.f5.com/csp/article/K03165684

x_refsource_CONFIRM

http://www.securitytracker.com/id/1040797

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 2, 2018
Vulnerability Reserved
Jan 12, 2018