CVE-2018-5504
22.03.2018, 18:29
In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.Enginsight
| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_access_policy_manager | 12.1.0 ≤ 𝑥 < 12.1.3.2 |
| f5 | big-ip_access_policy_manager | 13.0.0 ≤ 𝑥 < 13.1.0.4 |
| f5 | big-ip_advanced_firewall_manager | 12.1.0 ≤ 𝑥 ≤ 12.1.3.2 |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 ≤ 𝑥 < 13.1.0.4 |
| f5 | big-ip_analytics | 12.1.0 ≤ 𝑥 < 12.1.3.2 |
| f5 | big-ip_analytics | 13.0.0 ≤ 𝑥 < 13.1.0.4 |
| f5 | big-ip_application_acceleration_manager | 12.1.0 ≤ 𝑥 < 12.1.3.2 |
| f5 | big-ip_application_acceleration_manager | 13.0.0 ≤ 𝑥 < 13.1.0.4 |
| f5 | big-ip_application_security_manager | 12.1.0 ≤ 𝑥 < 12.1.3.2 |
| f5 | big-ip_application_security_manager | 13.0.0 ≤ 𝑥 < 13.1.0.4 |
| f5 | big-ip_domain_name_system | 12.1.0 ≤ 𝑥 < 12.1.3.2 |
| f5 | big-ip_domain_name_system | 13.0.0 ≤ 𝑥 ≤ 13.1.0.4 |
| f5 | big-ip_edge_gateway | 12.1.0 ≤ 𝑥 < 12.1.3.2 |
| f5 | big-ip_edge_gateway | 13.0.0 ≤ 𝑥 < 13.1.0.4 |
| f5 | big-ip_global_traffic_manager | 12.1.0 ≤ 𝑥 < 12.1.3.2 |
| f5 | big-ip_global_traffic_manager | 13.0.0 ≤ 𝑥 < 13.1.0.4 |
| f5 | big-ip_link_controller | 12.1.0 ≤ 𝑥 < 12.1.3.2 |
| f5 | big-ip_link_controller | 13.0.0 ≤ 𝑥 < 13.1.0.4 |
| f5 | big-ip_local_traffic_manager | 12.1.0 ≤ 𝑥 < 12.1.3.2 |
| f5 | big-ip_local_traffic_manager | 13.0.0 ≤ 𝑥 < 13.1.0.4 |
| f5 | big-ip_policy_enforcement_manager | 12.1.0 ≤ 𝑥 < 12.1.3.2 |
| f5 | big-ip_policy_enforcement_manager | 13.0.0 ≤ 𝑥 < 13.1.0.4 |
| f5 | big-ip_webaccelerator | 12.1.0 ≤ 𝑥 < 12.1.3.2 |
| f5 | big-ip_webaccelerator | 13.0.0 ≤ 𝑥 < 13.1.0.4 |
| f5 | big-ip_websafe | 1.0.0 |
𝑥
= Vulnerable software versions