CVE-2015-8240F5 Big-ip Analytics vulnerability

CWE-195 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.2%
top 21.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+7 more
Timeline
PublishedApr 11
Latest updateMay 17

Description

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers to cause a denial of service via unspecified vectors, related to the tm.minpathmtu database variable.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

NVDf5/big-ip_link_controller11.4.1, 11.5.3, 11.6.0+2
NVDf5/big-ip_analytics11.4.1, 11.5.3, 11.6.0+2
NVDf5/big-ip_local_traffic_manager11.4.1, 11.5.3, 11.6.0+2
NVDf5/big-ip_global_traffic_manager11.4.1, 11.5.3, 11.6.0+2
NVDf5/big-ip_access_policy_manager11.4.1, 11.5.3, 11.6.0+2

🔴Vulnerability Details

2
GHSA
GHSA-52h8-3q6w-fv2x: The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 112022-05-17
CVEList
CVE-2015-8240: The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 112016-04-11

💬Community

2
Bugzilla
CVE-2015-6908 openldap: ber_get_next denial of service vulnerability2015-09-11
Bugzilla
CVE-2014-8240 tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling2014-10-10
CVE-2015-8240 — F5 Big-ip Analytics vulnerability | cvebase