CVE-2018-15318

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGH
EPSS
0.6%
top 30.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+10 more
Timeline
PublishedOct 31
Latest updateMay 14

Description

In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages13 packages

NVDf5/big-ip_analytics12.1.3.412.1.3.6+2
NVDf5/big-ip_edge_gateway12.1.3.412.1.3.6+2
NVDf5/big-ip_webaccelerator12.1.3.412.1.3.6+2
NVDf5/big-ip_link_controller12.1.3.412.1.3.6+2
NVDf5/big-ip_domain_name_system12.1.3.412.1.3.6+2

🔴Vulnerability Details

2
GHSA
GHSA-fp95-3grv-5vhw: In BIG-IP 142022-05-14
CVEList
CVE-2018-15318: In BIG-IP 142018-10-31

📋Vendor Advisories

1
F5
CVE-2018-15318: In BIG-IP 142018-10-31
CVE-2018-15318 (HIGH CVSS 7.5) | In BIG-IP 14.0.0-14.0.0.2 | cvebase.io