cbcvebase.

F5 BIG-IP ASM vulnerabilities

471 known vulnerabilities affecting f5/big-ip_asm.

Total CVEs: 471
CISA KEV: 6 (actively exploited)
Public exploits: 9
Exploited in wild: 6
Severity breakdown: CRITICAL 27, HIGH 275, MEDIUM 162, LOW 7

Vulnerabilities

Page 20 of 24
CVE-2018-15329 HIGH CVSS 7.2 2018-12-20
CVE-2018-15329 [HIGH] CWE-862: On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edg
f5
CVE-2018-15328 HIGH CVSS 7.5 2018-12-12
CVE-2018-15328 [HIGH] CWE-200: On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP
f5
CVE-2018-15315 MEDIUM CVSS 6.1 2018-10-19
CVE-2018-15315 [MEDIUM] CWE-79: On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP FPS, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebAccelerator Affected Versions: 12.1.0 - 12.1.
f5
CVE-2018-15312 MEDIUM CVSS 6.1 2018-10-19
CVE-2018-15312 [MEDIUM] CWE-79: On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP FPS, BIG-IP GTM, BI
f5
CVE-2018-15311 MEDIUM CVSS 5.9 2018-10-10
CVE-2018-15311 [MEDIUM]: When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0.
f5
CVE-2016-7475 HIGH CVSS 7.5 2018-10-08
CVE-2016-7475 [HIGH] CWE-20: Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, Big-Ip Proto
f5
CVE-2018-5531 HIGH CVSS 7.4 2018-07-25
CVE-2018-5531 [HIGH] CWE-20: Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2). Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP D
f5
CVE-2018-5530 HIGH CVSS 7.5 2018-07-25
CVE-2018-5530 [HIGH] CWE-400: F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb". Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP Edge Gateway, BIG-IP LTM, BIG-IP PEM, BIG-IP WebSafe Affected Versions: 11.6.0 - 11.6.3.1; 12.1.0 - 12.1.3.5; 13.0.0 - 13.1.0.5 F5 Advisory Articles: K45611803 F5 References: https:
f5
CVE-2018-5542 HIGH CVSS 8.1 2018-07-25
CVE-2018-5542 [HIGH] CWE-20: F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP FPS, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebAccelerator Affected Versions: 11.2.1 - 11.6.3; 12.1.0 - 12.1.3; 13.0.0 - 13.
f5
CVE-2018-5539 HIGH CVSS 7.5 2018-07-25
CVE-2018-5539 [HIGH]: Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file. Affected Products: BIG-IP ASM Affected Versions: 11.2.1; 11.5.1 - 11.5.6; 11.6.1 - 11.6.3; 12.1.0 - 12.1.3; 13.0.0 - 13.1.0 F5 Advisory Ar
f5
CVE-2018-5541 HIGH CVSS 7.5 2018-07-25
CVE-2018-5541 [HIGH] CWE-400: When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Affected Products: BIG-IP ASM Affected Versions: 11.5.1 - 11.5.5; 11.6.1 - 11.6.3; 12.1.0 - 12.1.3; 13.0.0 - 13.1.0 F5 Advisory Articles: K12403422 F5 References: https://support.
f5
CVE-2018-5537 MEDIUM CVSS 5.3 2018-07-25
CVE-2018-5537 [MEDIUM] CWE-20: A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end. Affected Pro
f5
CVE-2018-5534 HIGH CVSS 7.5 2018-07-19
CVE-2018-5534 [HIGH] CWE-20: Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP FPS, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP P
f5
CVE-2018-5535 HIGH CVSS 7.5 2018-07-19
CVE-2018-5535 [HIGH] CWE-20: On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-I
f5
CVE-2018-5533 HIGH CVSS 7.5 2018-07-19
CVE-2018-5533 [HIGH] CWE-20: Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP FPS, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebAccel
f5
CVE-2018-5532 MEDIUM CVSS 5.3 2018-07-19
CVE-2018-5532 [MEDIUM]: On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP FPS, BI
f5
CVE-2018-5527 HIGH CVSS 7.5 2018-06-27
CVE-2018-5527 [HIGH] CWE-772: On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion. A
f5
CVE-2018-5523 HIGH CVSS 7.2 2018-06-01
CVE-2018-5523 [HIGH]: On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Anal
f5
CVE-2018-5513 HIGH CVSS 7.5 2018-06-01
CVE-2018-5513 [HIGH] CWE-20: On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP D
f5
CVE-2018-5524 MEDIUM CVSS 5.3 2018-06-01
CVE-2018-5524 [MEDIUM]: Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BI
f5