CVE-2018-5502

Published Mar 22, 2018

Last updated 3 months ago

CVSS high 7.5

Overview

Description: On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure.
Source: f5sirt@f5.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-295

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "894DA18C-0B22-45B1-8677-8979F1143216",
            "versionEndExcluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "445A66D4-37C1-42A8-A1CA-1D1E2C25E1E2",
            "versionEndExcluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE859987-9C3E-42A9-86E2-122B12090A15",
            "versionEndExcluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C8DAACD-71E0-4A83-A7ED-14BE366ACD1D",
            "versionEndExcluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA630386-C3DC-404E-9011-8DA3CD2F5865",
            "versionEndExcluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6170B579-4770-4550-85B7-B784328DC2FF",
            "versionEndIncluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8766D2F-4D5D-4C78-B29D-1C5648B732D3",
            "versionEndExcluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "717B4A2F-C7E5-45FE-8CD5-8D9E0872B614",
            "versionEndExcluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B23C430B-7477-4060-B68A-19B2B441F5EE",
            "versionEndExcluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0330565-B391-4121-81EB-601BAEA7BD50",
            "versionEndExcluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED65A801-F4BE-4067-903E-8997A13FFEF9",
            "versionEndExcluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E231E105-5DBE-4FEC-8DB2-BEB91AC32F1D",
            "versionEndExcluding": "13.1.0.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_websafe:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E6556BF-A50D-4872-BF81-9397A7ECEC9C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References