CVE-2018-5537: Improper Input Validation in F5 BIG-IP Access Policy Manager

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.7% (top 28.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 25; Latest update May 14

Description

A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with an HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.6 | Impact: 3.6

Affected Packages (10 packages)

NVD | f5/big-ip_websafe | 11.2.1 - 11.5.6 | +3
NVD | f5/big-ip_edge_gateway | 11.2.1 - 11.5.6 | +3
NVD | f5/big-ip_webaccelerator | 11.2.1 - 11.5.6 | +3
NVD | f5/big-ip_access_policy_manager | 11.2.1 - 11.5.6 | +3
NVD | f5/big-ip_local_traffic_manager | 11.2.1 - 11.5.6 | +3

🔴 Vulnerability Details (2)

GHSA | GHSA-qm9v-23h5-wm7p: A remote attacker may be able to disrupt services on F5 BIG-IP 13 | 2022-05-14
CVEList | CVE-2018-5537: A remote attacker may be able to disrupt services on F5 BIG-IP 13 | 2018-07-25

📋 Vendor Advisories (1)

F5 | CVE-2018-5537: A remote attacker may be able to disrupt services on F5 BIG-IP 13 | 2018-07-25