CVE-2018-5502
Summary
| CVE | CVE-2018-5502 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-03-22 18:29:00 UTC |
| Updated | 2018-04-20 17:04:00 UTC |
| Description | On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure. |
Risk And Classification
Problem Types: CWE-295
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | F5 | Big-ip Access Policy Manager | All | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | All | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | All | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | All | All | All | All |
| Application | F5 | Big-ip Analytics | All | All | All | All |
| Application | F5 | Big-ip Analytics | All | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | All | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | All | All | All | All |
| Application | F5 | Big-ip Application Security Manager | All | All | All | All |
| Application | F5 | Big-ip Application Security Manager | All | All | All | All |
| Application | F5 | Big-ip Domain Name System | All | All | All | All |
| Application | F5 | Big-ip Edge Gateway | All | All | All | All |
| Application | F5 | Big-ip Edge Gateway | All | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Link Controller | All | All | All | All |
| Application | F5 | Big-ip Link Controller | All | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | All | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | All | All | All | All |
| Application | F5 | Big-ip Webaccelerator | All | All | All | All |
| Application | F5 | Big-ip Webaccelerator | All | All | All | All |
| Application | F5 | Big-ip Websafe | 1.0.0 | All | All | All |
| Application | F5 | Big-ip Websafe | 1.0.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.f5.com/csp/article/K43121447 | CONFIRM | support.f5.com | Vendor Advisory |
| F5 BIG-IP Client SSL Certificate Processing Flaw Lets Remote Users Cause the Target System to Reload - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.