CVE-2015-4638 — Improper Input Validation in F5 Big-ip Analytics

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 27.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics F5 Big-ip Application Security Manager +7 more

Timeline

PublishedSep 18

Latest updateMay 17

Description

The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) via a fragmented packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages10 packages

▶NVDf5/big-ip_edge_gateway11.2.1, 11.3.0+1

▶NVDf5/big-ip_link_controller7 versions+6

▶NVDf5/big-ip_analytics7 versions+6

▶NVDf5/big-ip_webaccelerator11.2.1, 11.3.0+1

▶NVDf5/big-ip_local_traffic_manager7 versions+6

🔴Vulnerability Details

GHSA

GHSA-72v7-922f-7x9p: The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11↗2022-05-17

▶

CVEList

CVE-2015-4638: The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11↗2015-09-18

▶