CVE-2018-5502
First published: Thu Mar 22 2018(Updated: )
On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IP Access Policy Manager | >=13.0.0<13.1.0.4 | |
| F5 BIG-IP Advanced Firewall Manager | >=13.0.0<13.1.0.4 | |
| F5 BIG-IP Analytics | >=13.0.0<13.1.0.4 | |
| F5 Big-ip Application Acceleration Manager | >=13.0.0<13.1.0.4 | |
| F5 BIG-IP Application Security Manager | >=13.0.0<13.1.0.4 | |
| F5 Big-ip Domain Name System | >=13.0.0<=13.1.0.4 | |
| F5 Big-ip Edge Gateway | >=13.0.0<13.1.0.4 | |
| F5 Big-ip Global Traffic Manager | >=13.0.0<13.1.0.4 | |
| F5 Big-ip Link Controller | >=13.0.0<13.1.0.4 | |
| F5 Big-ip Local Traffic Manager | >=13.0.0<13.1.0.4 | |
| F5 Big-ip Policy Enforcement Manager | >=13.0.0<13.1.0.4 | |
| F5 Big-ip Webaccelerator | >=13.0.0<13.1.0.4 | |
| F5 Big-ip Websafe | =1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-5502?
CVE-2018-5502 is a vulnerability on F5 BIG-IP versions 13.0.0 - 13.1.0.3 that allows attackers to disrupt services on the BIG-IP system with a maliciously crafted client certificate.
Which software versions are affected by CVE-2018-5502?
CVE-2018-5502 affects F5 BIG-IP versions 13.0.0 - 13.1.0.3.
What is the severity of CVE-2018-5502?
CVE-2018-5502 has a severity rating of 7.5 (High).
How can an attacker exploit CVE-2018-5502?
An attacker can exploit CVE-2018-5502 by using a maliciously crafted client certificate to disrupt services on the BIG-IP system.
Are there any references for CVE-2018-5502?
Yes, you can find references for CVE-2018-5502 on SecurityTracker and the F5 support website.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/f5
- canonical/f5 big-ip access policy manager
- version/f5 big-ip access policy manager/13.0.0
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/13.0.0
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/13.0.0
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/13.0.0
- canonical/f5 big-ip application security manager
- version/f5 big-ip application security manager/13.0.0
- canonical/f5 big-ip domain name system
- version/f5 big-ip domain name system/13.0.0
- version/f5 big-ip domain name system/13.1.0.4
- canonical/f5 big-ip edge gateway
- version/f5 big-ip edge gateway/13.0.0
- canonical/f5 big-ip global traffic manager
- version/f5 big-ip global traffic manager/13.0.0
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/13.0.0
- canonical/f5 big-ip local traffic manager
- version/f5 big-ip local traffic manager/13.0.0
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/13.0.0
- canonical/f5 big-ip webaccelerator
- version/f5 big-ip webaccelerator/13.0.0
- canonical/f5 big-ip websafe
- version/f5 big-ip websafe/1.0.0