7.5
CVE-2018-5502
- EPSS 0.62%
- Published 22.03.2018 18:29:00
- Last modified 21.11.2024 04:08:55
- Source f5sirt@f5.com
On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with a maliciously crafted client certificate. This vulnerability affects virtual servers associated with a Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in the Client SSL profile. There is no control plane exposure.
Data provided by the National Vulnerability Database (NVD)
F5 ≫ Big-ip Access Policy Manager Version >= 13.0.0 < 13.1.0.4
F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.0.0 < 13.1.0.4
F5 ≫ Big-ip Analytics Version >= 13.0.0 < 13.1.0.4
F5 ≫ Big-ip Application Acceleration Manager Version >= 13.0.0 < 13.1.0.4
F5 ≫ Big-ip Application Security Manager Version >= 13.0.0 < 13.1.0.4
F5 ≫ Big-ip Domain Name System Version >= 13.0.0 <= 13.1.0.4
F5 ≫ Big-ip Edge Gateway Version >= 13.0.0 < 13.1.0.4
F5 ≫ Big-ip Global Traffic Manager Version >= 13.0.0 < 13.1.0.4
F5 ≫ Big-ip Link Controller Version >= 13.0.0 < 13.1.0.4
F5 ≫ Big-ip Local Traffic Manager Version >= 13.0.0 < 13.1.0.4
F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.0.0 < 13.1.0.4
F5 ≫ Big-ip Webaccelerator Version >= 13.0.0 < 13.1.0.4
F5 ≫ Big-ip Websafe Version 1.0.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.62% | 0.675 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.