CVE-2018-5508 — F5 Big-ip Policy Enforcement Manager vulnerability

4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.6%

top 29.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Policy Enforcement Manager F5 Networks INC Big-ip

Timeline

PublishedApr 13

Latest updateMay 13

Description

On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or 11.2.1, under certain conditions, TMM may crash when processing compressed data though a Virtual Server with an associated PEM profile using the content insertion option.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDf5/big-ip_policy_enforcement_manager11.5.1 — 11.5.5+4

▶CVEListV5f5_networks_inc/big-ip5 versions+4

🔴Vulnerability Details

GHSA

GHSA-8pm9-x397-wxmf: On F5 BIG-IP PEM versions 13↗2022-05-13

▶

CVEList

CVE-2018-5508: On F5 BIG-IP PEM versions 13↗2018-04-13

▶

📋Vendor Advisories

CVE-2018-5508: On F5 BIG-IP PEM versions 13↗2018-04-13

▶