CVE-2018-5514 — Improper Input Validation in F5 Big-ip Access Policy Manager

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.7%

top 14.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +10 more

Timeline

PublishedMay 2

Latest updateMay 14

Description

On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages13 packages

▶NVDf5/big-ip_link_controller13.1.0 — 13.1.0.5

▶NVDf5/big-ip_websafe13.1.0 — 13.1.0.5

▶NVDf5/big-ip_analytics13.1.0 — 13.1.0.5

▶NVDf5/big-ip_edge_gateway13.1.0 — 13.1.0.5

▶NVDf5/big-ip_webaccelerator13.1.0 — 13.1.0.5

🔴Vulnerability Details

GHSA

GHSA-mfwm-cpg4-4mww: On F5 BIG-IP 13↗2022-05-14

▶

CVEList

CVE-2018-5514: On F5 BIG-IP 13↗2018-05-02

▶

📋Vendor Advisories

CVE-2018-5514: On F5 BIG-IP 13↗2018-05-02

▶