CVE-2018-5509

Description

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure.

References

Link	Tags
http://www.securitytracker.com/id/1040562	vdb entry third party advisory
https://support.f5.com/csp/article/K49440608	vendor advisory
http://www.securityfocus.com/bid/103504	vdb entry third party advisory

Frequently Asked Questions

What is the severity of CVE-2018-5509?: CVE-2018-5509 has been scored as a high severity vulnerability.
How to fix CVE-2018-5509?: To fix CVE-2018-5509, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-5509 being actively exploited in the wild?: It is possible that CVE-2018-5509 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-5509?: CVE-2018-5509 affects F5 Networks, Inc. BIG-IP (LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebSafe).

Description

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions