Multiple vulnerabilities in F5 BIG-IP



Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2017-6150, CVE-2018-5501, CVE-2017-6154, CVE-2018-5500
CWE-ID: CWE-20, CWE-400, CWE-401
Exploitation vector: Network
Public exploit: N/A
Vulnerable software

BIG-IP LTM
Hardware solutions / Security hardware appliances

BIG-IP AFM
Hardware solutions / Security hardware appliances

BIG-IP Analytics
Hardware solutions / Security hardware appliances

BIG-IP APM
Hardware solutions / Security hardware appliances

BIG-IP ASM
Hardware solutions / Security hardware appliances

BIG-IP PEM
Hardware solutions / Security hardware appliances

BIG-IP GTM
Hardware solutions / Security hardware appliances

BIG-IP AAM
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP WebAccelerator
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Edge Gateway
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP WebSafe
Server applications / Server solutions for antivirus protection

Vendor: F5 Networks

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU11389

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6150

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists due to improper processing of specific large fragmented packets when the Reassemble IP Fragments option is disabled. A remote attacker can send specific large fragmented packets and cause the service to crash.

Mitigation

Update to versions 13.1.0 or 12.1.3.2.

Vulnerable software versions

BIG-IP LTM: 12.1.0 HF1 - 13.0.0

BIG-IP AAM: 12.1.0 HF1 - 13.0.0

BIG-IP AFM: 12.1.0 HF1 - 12.1.2

BIG-IP Analytics: 12.1.0 - 12.1.2

BIG-IP APM: 12.1.0 HF1 - 12.1.2

BIG-IP ASM: 12.1.0 HF1 - 12.1.2

BIG-IP DNS: 12.1.0 - 12.1.2

BIG-IP Link Controller: 12.1.0 HF1 - 12.1.2

BIG-IP PEM: 12.1.0 HF1 - 12.1.2

BIG-IP WebSafe: 12.1.0 HF1 - 12.1.2

External links

https://support.f5.com/csp/article/K62712037


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU11390

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5501

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists due to a lack of flow control. A remote attacker can send specially crafted input, trigger excessive buffering and cause the service to crash.

Mitigation

Update to versions 13.0.0 or 12.1.3.2.

Vulnerable software versions

BIG-IP WebSafe: 12.1.0 HF1 - 13.0.0

BIG-IP WebAccelerator: 12.1.0 - 13.0.0

BIG-IP PEM: 12.1.0 HF1 - 13.0.0

BIG-IP Link Controller: 12.1.0 HF1 - 13.0.0

BIG-IP GTM: 12.1.0 - 13.0.0

BIG-IP Edge Gateway: 12.1.0 - 13.0.0

BIG-IP DNS: 12.1.0 - 13.0.0

BIG-IP ASM: 12.1.0 HF1 - 13.0.0

BIG-IP APM: 12.1.0 HF1 - 13.0.0

BIG-IP Analytics: 12.1.0 - 13.0.0

BIG-IP AFM: 12.1.0 HF1 - 13.0.0

BIG-IP AAM: 12.1.0 HF1 - 13.0.0

BIG-IP LTM: 12.1.0 HF1 - 13.0.0

External links

https://support.f5.com/csp/article/K44200194


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU11391

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6154

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the bd process due to improper processing of crafted data on BIG-IP ASM systems with 48 or more CPU cores. A remote attacker can send specially crafted data and cause the bd process on the system to produce a core file, which could interrupt the processing of other traffic and cause the service to crash.

Mitigation

Update to versions 13.1.0, 12.1.3.2 or 11.6.3.

Vulnerable software versions

BIG-IP ASM: 11.6.1 - 13.0.0

External links

https://support.f5.com/csp/article/K38243073


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU11392

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5500

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists due to a memory leak when establishing a Multipath TCP (MPTCP) connection. A remote attacker who is able to establish an MPTCP connection can consume excessive amounts of memory resources and cause the service to crash.

Mitigation

Update to versions 13.1.0, 12.1.3.2 or 11.6.3.

Vulnerable software versions

BIG-IP LTM: 11.6.1 - 13.0.0

BIG-IP AAM: 11.6.1 - 13.0.0

BIG-IP AFM: 11.6.1 - 13.0.0

BIG-IP Analytics: 11.6.1 - 13.0.0

BIG-IP APM: 11.6.1 - 13.0.0

BIG-IP ASM: 11.6.1 - 13.0.0

BIG-IP DNS: 11.6.1 - 13.0.0

BIG-IP Edge Gateway: 11.6.1 - 13.0.0

BIG-IP GTM: 11.6.1 - 13.0.0

BIG-IP Link Controller: 11.6.1 - 13.0.0

BIG-IP PEM: 11.6.1 - 13.0.0

BIG-IP WebAccelerator: 11.6.1 - 13.0.0

BIG-IP WebSafe: 11.6.1 - 13.0.0

External links

https://support.f5.com/csp/article/K33211839


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


