F5 Big-Ip Asm vulnerabilities

CVE-2018-5526 [MEDIUM] CVE-2018-5526: Under certain conditions, on F5 BIG-IP ASM 13 CVE-2018-5526: Under certain conditions, on F5 BIG-IP ASM 13 Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack. Affected Products: BIG-IP ASM Affected Versions: 13.1.0 - 13.1.0.5 F5 Advisory Articles: K62201098 F5 References: https://support.f5.com/csp/article/K62201098

CVE-2018-5522 [MEDIUM] CWE-20 CVE-2018-5522: On F5 BIG-IP 13 CVE-2018-5522: On F5 BIG-IP 13 On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebAccelerator, BIG-IP WebSafe Affected Ver

CVE-2018-5521 [MEDIUM] CWE-79 CVE-2018-5521: On F5 BIG-IP 12 CVE-2018-5521: On F5 BIG-IP 12 On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebAccelerator, BI

CVE-2017-6153 [MEDIUM] CWE-400 CVE-2017-6153: Features in F5 BIG-IP 13 CVE-2017-6153: Features in F5 BIG-IP 13 Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, B

CVE-2018-5525 [MEDIUM] CWE-200 CVE-2018-5525: A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13 CVE-2018-5525: A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13 A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic,

CVE-2018-5512 [HIGH] CVE-2018-5512: On F5 BIG-IP 13 CVE-2018-5512: On F5 BIG-IP 13 On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebAccelerator, BIG-IP WebSafe Affected Versions: 13.1.0 - 13.1.

CVE-2018-5517 [HIGH] CWE-20 CVE-2018-5517: On F5 BIG-IP 13 CVE-2018-5517: On F5 BIG-IP 13 On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link

CVE-2018-5514 [HIGH] CWE-20 CVE-2018-5514: On F5 BIG-IP 13 CVE-2018-5514: On F5 BIG-IP 13 On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-I

CVE-2018-5519 [MEDIUM] CVE-2018-5519: On F5 BIG-IP 13 CVE-2018-5519: On F5 BIG-IP 13 On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, B

CVE-2018-5515 [MEDIUM] CWE-20 CVE-2018-5515: On F5 BIG-IP 13 CVE-2018-5515: On F5 BIG-IP 13 On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebAccelerator, BIG-IP WebSafe Affected Versions: 13.1.0 -

CVE-2018-5520 [MEDIUM] CWE-863 CVE-2018-5520: On an F5 BIG-IP 13 CVE-2018-5520: On an F5 BIG-IP 13 On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Control

CVE-2018-5516 [MEDIUM] CWE-732 CVE-2018-5516: On F5 BIG-IP 13 CVE-2018-5516: On F5 BIG-IP 13 On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged at

CVE-2018-5518 [MEDIUM] CVE-2018-5518: On F5 BIG-IP 13 CVE-2018-5518: On F5 BIG-IP 13 On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests wh

CVE-2018-5506 [CRITICAL] CVE-2018-5506: In F5 BIG-IP 13 CVE-2018-5506: In F5 BIG-IP 13 In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices. Affected Products: BIG-IP AAM, BIG-IP AFM,

CVE-2017-6155 [HIGH] CVE-2017-6155: On F5 BIG-IP 13 CVE-2017-6155: On F5 BIG-IP 13 On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP LTM, BIG-IP Link Controller, BIG-IP

CVE-2017-6148 [HIGH] CWE-20 CVE-2017-6148: Responses to SOCKS proxy requests made through F5 BIG-IP version 13 CVE-2017-6148: Responses to SOCKS proxy requests made through F5 BIG-IP version 13 Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane is not im

CVE-2018-5511 [HIGH] CWE-470 CVE-2018-5511: On F5 BIG-IP 13 CVE-2018-5511: On F5 BIG-IP 13 On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link

CVE-2018-5510 [HIGH] CWE-20 CVE-2018-5510: On F5 BIG-IP 11 CVE-2018-5510: On F5 BIG-IP 11 On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebAccelerator, BIG-IP WebSafe Affected Versions: 11.5.4; 11.5.5 F

CVE-2018-5507 [HIGH] CVE-2018-5507: On F5 BIG-IP versions 13 CVE-2018-5507: On F5 BIG-IP versions 13 On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-

CVE-2017-6158 [MEDIUM] CVE-2017-6158: In F5 BIG-IP 12 CVE-2017-6158: In F5 BIG-IP 12 In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebAccelerator, BIG-IP WebSafe Affected Versions: 11.2.1; 11.5.1 - 11.5.5; 11.6.0 -