CVE-2018-5517 — Improper Input Validation in F5 Big-ip Access Policy Manager

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 26.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +10 more

Timeline

PublishedMay 2

Latest updateMay 14

Description

On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages13 packages

▶NVDf5/big-ip_link_controller13.1.0 — 13.1.0.5

▶NVDf5/big-ip_websafe13.1.0 — 13.1.0.5

▶NVDf5/big-ip_analytics13.1.0 — 13.1.0.5

▶NVDf5/big-ip_edge_gateway13.1.0 — 13.1.0.5

▶NVDf5/big-ip_webaccelerator13.1.0 — 13.1.0.5

🔴Vulnerability Details

GHSA

GHSA-cmj6-4pjx-ghf8: On F5 BIG-IP 13↗2022-05-14

▶

CVEList

CVE-2018-5517: On F5 BIG-IP 13↗2018-05-02

▶

📋Vendor Advisories

CVE-2018-5517: On F5 BIG-IP 13↗2018-05-02

▶