CVE-2018-5518: F5 BIG-IP Access Policy Manager vulnerability

4 documents, 4 sources
Severity: 5.4 MEDIUM (NVD)
EPSS: 0.1% (top 70.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 2; Latest update May 13

Description

On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to expl

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 4.0

Affected Packages (13 packages)

NVD  f5/big-ip_access_policy_manager  12.0.0  12.1.3  +1
NVD  f5/big-ip_domain_name_system  12.0.0  12.1.3  +1
NVD  f5/big-ip_websafe  12.0.0  12.1.3  +1
NVD  f5/big-ip_analytics  12.0.0  12.1.3  +1
NVD  f5/big-ip_edge_gateway  12.0.0  12.1.3  +1

🔴 Vulnerability Details (2)

GHSA  GHSA-r69h-r767-prvr: On F5 BIG-IP 13  2022-05-13
CVEList  CVE-2018-5518: On F5 BIG-IP 13  2018-05-02

📋 Vendor Advisories (1)

F5  CVE-2018-5518: On F5 BIG-IP 13  2018-05-02
CVE-2018-5518 — F5 vulnerability | cvebase