5.4

CVE-2018-5518

EPSS 0.11%
Published 02.05.2018 13:29:00
Last modified 21.11.2024 04:08:58
Source f5sirt@f5.com
Teams watchlist Login
Open Login

On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

F5 ≫ Big-ip Local Traffic Manager Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Local Traffic Manager Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Application Acceleration Manager Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Application Acceleration Manager Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Advanced Firewall Manager Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Analytics Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Analytics Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Access Policy Manager Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Access Policy Manager Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Application Security Manager Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Application Security Manager Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Edge Gateway Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Edge Gateway Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Global Traffic Manager Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Global Traffic Manager Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Link Controller Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Link Controller Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Policy Enforcement Manager Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Webaccelerator Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Webaccelerator Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Websafe Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Websafe Version >= 13.0.0 <= 13.1.0

F5 ≫ Big-ip Domain Name System Version >= 12.0.0 <= 12.1.3

F5 ≫ Big-ip Domain Name System Version >= 13.0.0 <= 13.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.267

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	1	4	CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	2.3	4.4	2.9	AV:A/AC:M/Au:S/C:N/I:N/A:P

http://www.securitytracker.com/id/1040797

Third Party Advisory

VDB Entry

https://support.f5.com/csp/article/K03165684

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-5518

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5518

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5518

EUVD