Memory Leak Vulnerability in BIG-IP by F5 Networks
CVE-2018-5527
7.5HIGH
Key Information:
- Vendor
- F5
- Vendor
- CVE Published:
- 27 June 2018
Summary
A memory leak vulnerability exists in F5 BIG-IP systems impacting any virtual servers utilizing Client SSL or Server SSL profiles with SSL Forward Proxy enabled. A remote attacker can exploit this flaw, leading to gradual memory exhaustion within the Traffic Management Microkernel (tmm). Continuous exploitation may result in degraded system performance or unexpected reboots as memory resources are depleted, ultimately affecting the stability of the entire system.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.1.0-13.1.0..7
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved