CVE-2018-15320

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 13.0.0 through 13.1.1.1 F5 BIG-IP versions 14.0.0 through 14.0.0.2

Description The issue arises from undisclosed traffic patterns that may cause denial of service conditions for the BIG-IP system. This condition is exposed when the BIG-IP self IP address is part of a VLAN group and the Port Lockdown setting is configured with anything other than "allow-all".

Recommendations For F5 BIG-IP versions 13.0.0 through 13.1.1.1, consider reconfiguring the Port Lockdown setting to "allow-all" to mitigate the risk. For F5 BIG-IP versions 14.0.0 through 14.0.0.2, consider reconfiguring the Port Lockdown setting to "allow-all" to mitigate the risk. As a temporary workaround, consider restricting the BIG-IP self IP address from being part of a VLAN group until a patch is available.