Memory Leak Vulnerability in BIG-IP by F5 Networks
CVE-2018-5527

7.5HIGH

Key Information:

Vendor
F5
Status
Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe)
Vendor
CVE Published:
27 June 2018

Summary

A memory leak vulnerability exists in F5 BIG-IP systems impacting any virtual servers utilizing Client SSL or Server SSL profiles with SSL Forward Proxy enabled. A remote attacker can exploit this flaw, leading to gradual memory exhaustion within the Traffic Management Microkernel (tmm). Continuous exploitation may result in degraded system performance or unexpected reboots as memory resources are depleted, ultimately affecting the stability of the entire system.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.1.0-13.1.0..7

References

http://www.securitytracker.com/id/1041196
vdb-entryx_refsource_SECTRACK
https://support.f5.com/csp/article/K20134942
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.