CVE-2018-5501

CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

5.9MEDIUM

EPSS

0.9%

top 24.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +10 more

Timeline

PublishedMar 1

Latest updateMay 14

Description

In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages13 packages

▶NVDf5/big-ip_link_controller11.5.1 — 11.5.4+4

▶NVDf5/big-ip_dns11.5.1 — 11.5.4+4

▶NVDf5/big-ip_websafe11.5.1 — 11.5.4+4

▶NVDf5/big-ip_analytics11.5.1 — 11.5.4+4

▶NVDf5/big-ip_edge_gateway11.5.1 — 11.5.4+4

🔴Vulnerability Details

GHSA

GHSA-297q-7r2m-g586: In some circumstances, on F5 BIG-IP systems running 13↗2022-05-14

▶

CVEList

CVE-2018-5501: In some circumstances, on F5 BIG-IP systems running 13↗2018-03-01

▶

💥Exploits & PoCs

Exploit-DB

Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)↗2018-11-21

▶

📋Vendor Advisories

CVE-2018-5501: In some circumstances, on F5 BIG-IP systems running 13↗2018-03-01

▶

💬Community

Bugzilla

CVE-2018-1000037 mupdf: multiple reachable assertions in the PDF parser↗2018-05-24

▶

External resources

NVD MITRE

Affected products13

F5 Big-ip Access Policy Manager≥ 11.5.1, ≤ 11.5.4≥ 11.6.1, ≤ 11.6.2≥ 12.1.0, ≤ 12.1.3+2 more

F5 Big-ip Advanced Firewall Manager≥ 11.5.1, ≤ 11.5.4≥ 11.6.1, ≤ 11.6.2≥ 12.1.0, ≤ 12.1.3+2 more

F5 Big-ip Analytics≥ 11.5.1, ≤ 11.5.4≥ 11.6.1, ≤ 11.6.2≥ 12.1.0, ≤ 12.1.3+2 more

F5 Big-ip Application Acceleration Manager≥ 11.5.1, ≤ 11.5.4≥ 11.6.1, ≤ 11.6.2≥ 12.1.0, ≤ 12.1.3+2 more

F5 Big-ip Application Security Manager≥ 11.5.1, ≤ 11.5.4≥ 11.6.1, ≤ 11.6.2≥ 12.1.0, ≤ 12.1.3+2 more

F5 Big-ip DNS≥ 11.5.1, ≤ 11.5.4≥ 11.6.1, ≤ 11.6.2≥ 12.1.0, ≤ 12.1.3+2 more

F5 Big-ip Edge Gateway≥ 11.5.1, ≤ 11.5.4≥ 11.6.1, ≤ 11.6.2≥ 12.1.0, ≤ 12.1.3+2 more

F5 Big-ip Global Traffic Manager≥ 11.5.1, ≤ 11.5.4≥ 11.6.1, ≤ 11.6.2≥ 12.1.0, ≤ 12.1.3+2 more

F5 Big-ip Link Controller≥ 11.5.1, ≤ 11.5.4≥ 11.6.1, ≤ 11.6.2≥ 12.1.0, ≤ 12.1.3+2 more

F5 Big-ip Local Traffic Manager≥ 11.5.1, ≤ 11.5.4≥ 11.6.1, ≤ 11.6.2≥ 12.1.0, ≤ 12.1.3+2 more

Disclosure

PublishedMar 1, 2018

Latest updateMay 14, 2022