fkie_cve-2018-15311
Vulnerability from fkie_nvd
Published
2018-10-10 14:29
Modified
2024-11-21 03:50
Severity ?
Summary
When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K07550539 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K07550539 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "964FF00B-F992-4FE1-BEAD-BC072BC60BFF",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7ECF570-49EC-4F48-9CE7-6E3710DDC516",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "187CB06B-9BE0-4E3A-9182-69546BBB8826",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BD36AA-CC4A-4082-BF64-28521DDECCDA",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6A2E89-7115-4EB1-88B9-7DEF5F2FBEB7",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5DCBDE3-F238-44B3-AB63-1299922FAFDD",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5EEA1-FC7F-460D-96ED-FD9763613B45",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9B21E2C-4CAB-43D8-A462-FFB0B72483D7",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "568E18F9-1A18-4BAD-9C20-60CB70B5D0C1",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34651AA8-FC50-4B94-B5E7-1727D282BAAF",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD5ED95-8082-460D-85B4-3D3937BE97A0",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85368A20-7168-4C1A-BE6F-F80BA96A4159",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "077633A7-B626-4C22-B492-ABD50B7F78B6",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "165087E0-EA37-478D-821E-70AB0528CF9F",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FFF4D-C952-4F56-A626-E82AF93B30C3",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF8D490-E6FB-41BD-BA2D-B71BED1E7FED",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE7E7F2-2026-4407-8F0E-168DE0D4F935",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A259A682-12B2-4BEA-A367-C71EAC3F887B",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0A5D75-40BB-4D45-8B02-B29C1563D996",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96E0DD20-1AC3-41CF-9057-489019A439E0",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90EC6DF6-A7DF-4A1C-9D2F-C02EDB5FFCF2",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77AD6CB0-EF75-4A8A-95B7-988B6B041D49",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9400A8-7B8E-477B-AF65-E22790B742A9",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D049B4-0304-403A-8EE1-3311044EFF7B",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B719583F-D2FE-4F29-9FC2-613F979737E6",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "032274E7-5DB3-4531-B72C-95A024C191B0",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22A865A3-489B-4FBA-BD1E-4DD4FD34DB47",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4649CB-EE59-4926-BAE9-F6B8ADE110C5",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8C72E9-69FA-472D-B73F-BB681D0FA108",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1F7BB6-3BF1-4C9A-9F43-9FBD0879B32E",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "541E39AA-D46E-49B5-9D6B-3CF4EC0347AA",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "006E2FB7-4BFB-4CF8-A880-A4E00FA1DEA5",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01164131-51C1-4BAA-BE0C-331E6F604953",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55476ABD-8CC9-49A4-8F20-67D214B7D239",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FBA271-A0EA-4393-A10A-04402B9B4A71",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF721DE-B2C3-4195-B456-D269B909C284",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F34B4F-BA2F-45D9-B2EB-B9196BD6CDF7",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42B81482-D866-45DB-8210-F90F9B11FFD1",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3600BB17-98D0-4B81-A148-1864B1F229E3",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "087D3C0E-886A-4C4D-A6B5-A5EDEBDEF457",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEDF1CC-3C5A-4F4C-A910-11DD6C0C1739",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8257FEF-CF33-4459-B6F6-ECC390852987",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71FC8582-ED48-4C8F-A3AB-0744FFA319E5",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D45AB00-2C55-41F5-BAB3-6DA23C86F5BB",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53427258-7EE1-4827-9D51-C72026D5942F",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3464E75-D419-4D3E-89EE-3BE571A388F4",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF7AC47-D128-4282-846B-4408B12AAC09",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A97847E9-D6BB-4EA9-9CED-1FA868B35B94",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25E4F494-73FC-4755-9946-1C631F7C3640",
"versionEndIncluding": "11.5.6",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15044BE6-FEC9-4325-9EA1-0665FF5F7C36",
"versionEndIncluding": "11.6.3.2",
"versionStartIncluding": "11.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1869E130-99D1-4E15-8BF7-275EF9A20D7F",
"versionEndIncluding": "12.1.3.5",
"versionStartIncluding": "12.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E88E927-3C8E-481A-9447-00082BD73601",
"versionEndIncluding": "13.1.0.5",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0."
},
{
"lang": "es",
"value": "Cuando F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2 o 11.5.1-11.5.6 est\u00e1 procesando tr\u00e1fico TCP especialmente manipulado con la caracter\u00edstica Large Receive Offload (LRO) habilitada, TMM podr\u00eda cerrarse inesperadamente, conduciendo a un evento \"failover\". Esta vulnerabilidad no est\u00e1 expuesta a menos que LRO est\u00e9 habilitado, por lo que la mayor parte de clientes afectados estar\u00e1n en las versiones 13.1.x. LRO ha estado disponible desde la versi\u00f3n 11.4.0, pero no est\u00e1 habilitada por defecto hasta la versi\u00f3n 13.1.0."
}
],
"id": "CVE-2018-15311",
"lastModified": "2024-11-21T03:50:31.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-10T14:29:00.387",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K07550539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K07550539"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.