CVE-2018-5504F5 Big-ip Domain Name System vulnerability

4 documents4 sources
Severity
8.1HIGHNVD
EPSS
2.9%
top 13.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+10 more
Timeline
PublishedMar 22
Latest updateMay 13

Description

In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages13 packages

NVDf5/big-ip_domain_name_system12.1.012.1.3.2+1
NVDf5/big-ip_local_traffic_manager12.1.012.1.3.2+1
NVDf5/big-ip_global_traffic_manager12.1.012.1.3.2+1
NVDf5/big-ip_analytics12.1.012.1.3.2+1
NVDf5/big-ip_edge_gateway12.1.012.1.3.2+1

🔴Vulnerability Details

2
GHSA
GHSA-649f-3xhr-r5cg: In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows2022-05-13
CVEList
CVE-2018-5504: In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows2018-03-22

📋Vendor Advisories

1
F5
CVE-2018-5504: In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets...2018-03-22
CVE-2018-5504 — F5 vulnerability | cvebase