CVE-2018-5509

moderate-risk

Published 2018-03-22

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure.

Do I need to act?

1.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (8)

Big-Ip Access Policy Manager

Big-Ip Advanced Firewall Manager

Big-Ip Application Acceleration Manager

Big-Ip Application Security Manager

Big-Ip Link Controller

Big-Ip Local Traffic Manager

Big-Ip Policy Enforcement Manager

Big-Ip Websafe

Affected Vendors

References (6)

Third Party Advisory http://www.securityfocus.com/bid/103504

Third Party Advisory http://www.securitytracker.com/id/1040562

Vendor Advisory https://support.f5.com/csp/article/K49440608

Third Party Advisory http://www.securityfocus.com/bid/103504

Third Party Advisory http://www.securitytracker.com/id/1040562

Vendor Advisory https://support.f5.com/csp/article/K49440608

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 4/34 · Minimal

Exposure 14/34 · Moderate