{ "id": "CVE-2018-5513", "sourceIdentifier": "f5sirt@f5.com", "published": "2018-06-01T14:29:00.457", "lastModified": "2018-08-01T18:52:39.927", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue." }, { "lang": "es", "value": "En F5 BIG-IP, 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o en la versi\u00f3n 11.2.1, un handshake TLS mal formado hace que TMM se cierre inesperadamente, lo que conduce a una interrupci\u00f3n del servicio. Este problema solo se expone en el plano de datos cuando la configuraci\u00f3n Proxy SSL est\u00e1 habilitada. El plano de control no se ha visto afectado por este problema." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "CA292703-A04A-4032-BA6F-F5F084E8E64D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "14E85172-80FB-4A48-A02F-B2BCEEEFD764" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "E5D00EED-F95D-4458-BDC4-3390DE85348B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "C4627B8E-5B22-4A85-98F4-7946F2CFB0F9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "CF94ADC5-CC3E-45C7-B787-5555EC6DA38A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "CB73A745-E16B-4084-8CBE-FBBF8F52E72E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "2CD4DFE3-9071-4808-AE24-2CCA5DB5BA80" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "62071C62-AC69-41B8-A8B2-071A8F7DABDE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "F3E4983E-8B56-423E-9E0F-AC047E854C10" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "2749969B-5CDD-42A4-9DE3-DE111D41969F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "E5011C2D-FBB5-4117-BB97-11DE70117345" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "354250E7-C313-418D-9FCD-FBFC18B3CF20" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "390E918A-E076-4791-B73C-228EAA3ACBF6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "A5455A25-7557-4801-BC0F-8E78149A883C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "79344F94-2CB8-4F08-9373-61614A38476C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "2DE47DBF-8647-444D-BADF-5E6992201CB3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "F4FEC592-99FF-4586-89EB-004198218EFC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "5CC4967B-F2FC-4A94-8A6D-469D5B9F98AA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "6BB42D3A-71EE-4367-9F65-86404D74E59D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "B76E513A-DABD-4A78-A586-6F88854B7632" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "5B3D11D9-EE58-4F13-A395-B6A4C27418E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "961AFB08-734F-4C41-BE91-B4649B23E45F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "397AC4A5-B67C-483B-84F7-8CB294BB460C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "DC2F8409-934B-4DCD-A742-52A101638018" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "299C44C1-E9E2-4E83-8B8A-30D7884C2BA2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "50165503-DAD4-4472-A029-27D378D6B3D8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "1466F808-2596-4028-8884-27EDD5CACB47" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "0B40EBD6-F582-4ACE-BEC6-959504EB533B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F2F72B2-84F2-4FA2-9B53-E98344235EB6" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "08D06C53-1691-4928-B36A-2439CA0109F3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "13414479-696D-41FB-919F-783741919610" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "6A11E433-943D-4D92-B45E-3FA268094278" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "F1001463-64EA-476E-A4E8-E8107A057768" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D3374BE-6A37-48B5-83D4-D61558A8433E" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "C7447192-B0EF-430E-8962-97EA9D58630E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "288029B5-863C-492C-83A6-C206A85201ED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "57CCB85A-6F90-4DB7-B0F8-AE5250E1DCFE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "DC48BE0C-FBEC-4645-A950-A42F2F59B330" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "833EA31B-336A-4B19-959B-E1DB92F56229" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "73EFB5D4-2BB0-402C-8CE2-5F33A68C42AD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "60189636-02D6-44CA-BE2A-7777E3C409CD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "2D97D9DE-C1DC-47DF-A87E-7C466D0E6A11" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "F1EE747C-93E8-478A-BD20-72D517A7D025" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "4016BD06-2BC7-4CBD-806F-2ED718E2418C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "5AD75094-3248-4D37-969E-75272F6F31D6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "60BBFA4D-F3F1-4723-84D3-11304580327C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "9C6F012C-441A-49E2-9C6E-D999181B84C6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "FD85C59D-43E8-4091-B0F6-5ACC40CC7257" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "E7860523-E8B3-4BEE-853A-6F0B5BCDDA5A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "24455CCB-BB1C-49AF-B641-ADFC36CE8D32" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E703FAB-BFCD-47A1-94BD-DD63879DE883" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.1", "versionEndIncluding": "11.5.5", "matchCriteriaId": "9A696047-53E5-4A88-AC5E-D9730C178C9F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndIncluding": "11.6.3", "matchCriteriaId": "622B8503-7952-4316-8F6F-76259C2E5A50" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "937055BD-53FC-4D8E-B965-D676AA5ABA4C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.0.4", "matchCriteriaId": "764CF750-F759-40F9-8BAC-E6F1593B5126" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7" } ] } ] } ], "references": [ { "url": "http://www.securitytracker.com/id/1041017", "source": "f5sirt@f5.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://support.f5.com/csp/article/K46940010", "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ] } ] }