CVE-2013-6016 — Improper Input Validation in F5 Big-ip Edge Gateway

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGHNVD

EPSS

1.3%

top 20.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Application Security Manager F5 Big-ip Edge Gateway +6 more

Timeline

PublishedOct 26

Latest updateMay 17

Description

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion fai…

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages9 packages

▶NVDf5/big-ip_edge_gateway5 versions+4

▶NVDf5/big-ip_link_controller7 versions+6

▶NVDf5/big-ip_webaccelerator22 versions+21

▶NVDf5/big-ip_local_traffic_manager7 versions+6

▶NVDf5/big-ip_global_traffic_manager7 versions+6

🔴Vulnerability Details

GHSA

GHSA-4776-8p53-v33g: The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10↗2022-05-17

▶

CVEList

CVE-2013-6016: The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10↗2013-10-26

▶