Vulnerability CVE-2018-5518

Vulnerability Name:

CVE-2018-5518 (CCN-142673)

Assigned:

2018-05-01

Published:

2018-05-01

Updated:

2019-10-03

Summary:

On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required.

CVSS v3 Severity:

5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H)
4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

2.3 Low (CVSS v2 Vector: AV:A/AC:M/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.1 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2018-5518

Source: CCN
Type: SECTRACK ID: 1040797
F5 BIG-IP vCMP Bug Lets Local Users on a Guest System Cause Denial of Service Conditions on Other Guest Systems

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1040797

Source: XF
Type: UNKNOWN
f5-cve20185518-dos(142673)

Source: CCN
Type: F5 Security Advisory K03165684
vCMP vulnerability CVE-2018-5518

Source: CONFIRM
Type: Vendor Advisory
https://support.f5.com/csp/article/K03165684

Vulnerable Configuration:

Configuration 1:

cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 2:

cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 3:

cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 4:

cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 5:

cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 6:

cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 7:

cpe:/a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 8:

cpe:/a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 9:

cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 10:

cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 11:

cpe:/a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 12:

cpe:/a:f5:big-ip_websafe:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_websafe:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration 13:

cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.3)

OR cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

Configuration CCN 1:

cpe:/a:f5:big-ip:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip:13.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip:13.1.0.5:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip:12.1.3.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK