PT-2018-12962 · F5 · Big-Ip

Published

2018-10-31

Updated

2018-12-14

CVE-2018-15318

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions BIG-IP versions 12.1.3.4 through 12.1.3.6 BIG-IP versions 13.1.0.4 through 13.1.1.1 BIG-IP versions 14.0.0 through 14.0.0.2

Description The issue occurs when an MPTCP connection receives an abort signal while the initial flow is not the primary flow, causing the initial flow to remain after the closing procedure is complete. This condition may lead to TMM restarting and producing a core file.

Recommendations For BIG-IP versions 12.1.3.4 through 12.1.3.6, update to a version outside of this range to resolve the issue. For BIG-IP versions 13.1.0.4 through 13.1.1.1, update to a version outside of this range to resolve the issue. For BIG-IP versions 14.0.0 through 14.0.0.2, update to a version outside of this range to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-15318

Affected Products

Big-Ip

PT-2018-12962 · F5 · Big-Ip

CVE-2018-15318

Weakness Enumeration

Related Identifiers

Affected Products

References · 3