Severity
5.9 MEDIUM
EPSS
0.7%
top 28.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 1
Latest update: May 14

Description

On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual servers using a TCP profile with the Multipath TCP (MCTCP) feature enabled are affected by this issue.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (13 packages)

NVD  f5/big-ip_dns  11.6.1  11.6.2  +2
NVD  f5/big-ip_websafe  11.6.1  11.6.2  +2
NVD  f5/big-ip_analytics  11.6.1  11.6.2  +2
NVD  f5/big-ip_edge_gateway  11.6.1  11.6.2  +2
NVD  f5/big-ip_webaccelerator  11.6.1  11.6.2  +2

🔴 Vulnerability Details (2)

GHSA
GHSA-6jjh-35m4-xm42: On F5 BIG-IP systems running 13 (2022-05-14)
CVEList
CVE-2018-5500: On F5 BIG-IP systems running 13 (2018-03-01)

💥 Exploits & PoCs (2)

Exploit-DB
Cisco Adaptive Security Appliance - Path Traversal (2018-06-28)
Exploit-DB
DualDesk 20 - 'Proxy.exe' Denial of Service (2018-03-02)

📋 Vendor Advisories (5)

Cisco
Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability (2018-10-17)
Cisco
Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability (2018-09-26)
Cisco
Cisco Wireless LAN Controller IP Fragment Reassembly Denial of Service Vulnerability (2018-05-02)
Cisco
Cisco 5500 and 8500 Series Wireless LAN Controller Information Disclosure Vulnerability (2018-05-02)
F5
CVE-2018-5500: On F5 BIG-IP systems running 13 (2018-03-01)