CVE-2018-15318

EPSS 0.61%
Published 31.10.2018 14:29:00
Last modified 21.11.2024 03:50:33
Source f5sirt@f5.com
Teams watchlist Login
Open Login

In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

F5 ≫ Big-ip Local Traffic Manager Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Local Traffic Manager Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Local Traffic Manager Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Advanced Firewall Manager Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Advanced Firewall Manager Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Application Acceleration Manager Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Application Acceleration Manager Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Application Acceleration Manager Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Analytics Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Analytics Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Analytics Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Access Policy Manager Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Access Policy Manager Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Access Policy Manager Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Protocol Security Module Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Protocol Security Module Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Protocol Security Module Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Domain Name System Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Domain Name System Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Domain Name System Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Edge Gateway Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Edge Gateway Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Edge Gateway Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Fraud Protection Service Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Fraud Protection Service Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Fraud Protection Service Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Global Traffic Manager Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Global Traffic Manager Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Global Traffic Manager Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Link Controller Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Link Controller Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Link Controller Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Policy Enforcement Manager Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Policy Enforcement Manager Version >= 14.0.0 <= 14.0.0.2

F5 ≫ Big-ip Webaccelerator Version >= 12.1.3.4 <= 12.1.3.6

F5 ≫ Big-ip Webaccelerator Version >= 13.0.0 <= 13.1.1.1

F5 ≫ Big-ip Webaccelerator Version >= 14.0.0 <= 14.0.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.61%	0.673

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://support.f5.com/csp/article/K16248201

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-15318

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15318

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15318

EUVD