Vulnerabilities > CVE-2018-5504 - Unspecified vulnerability in F5 products

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
f5
nessus

Summary

In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.

Vulnerable Configurations

Part Description Count
Application
F5
242

Nessus

NASL familyF5 Networks Local Security Checks
NASL idF5_BIGIP_SOL11718033.NASL
descriptionIn some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed WebSocket requests/responses, which allows remote attackers to cause a denial of service (DoS) or possible remote code execution on the BIG-IP system. (CVE-2018-5504) Impact This vulnerability allowsunauthorized remote code execution and disruption of service through an unspecified crafted WebSocket packet.
last seen2020-03-17
modified2018-11-02
plugin id118630
published2018-11-02
reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/118630
titleF5 Networks BIG-IP : TMM WebSocket vulnerability (K11718033)