Vulnerabilities > CVE-2018-5508 - Unspecified vulnerability in F5 Big-Ip Policy Enforcement Manager

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

nessus

NVD

Published: 2018-04-13

Updated: 2019-10-03

Summary

On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or 11.2.1, under certain conditions, TMM may crash when processing compressed data though a Virtual Server with an associated PEM profile using the content insertion option.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Policy Enforcement Manager 13.0.0 F5 BIG IP Policy Enforcement Manager 11.2.1 F5 BIG IP Policy Enforcement Manager 12.0.0 F5 BIG IP Policy Enforcement Manager 12.1.0 F5 BIG IP Policy Enforcement Manager 12.1.1 F5 BIG IP Policy Enforcement Manager 12.1.2 F5 BIG IP Policy Enforcement Manager 12.1.3 F5 BIG IP Policy Enforcement Manager 11.6.0 F5 BIG IP Policy Enforcement Manager 11.6.1 F5 BIG IP Policy Enforcement Manager 11.6.2 F5 BIG IP Policy Enforcement Manager 11.5.1 F5 BIG IP Policy Enforcement Manager 11.5.2 F5 BIG IP Policy Enforcement Manager 11.5.3 F5 BIG IP Policy Enforcement Manager 11.5.4 F5 BIG IP Policy Enforcement Manager 11.5.4.1 F5 BIG IP Policy Enforcement Manager 11.5.4.2 F5 BIG IP Policy Enforcement Manager 11.5.4.2.74.291 F5 BIG IP Policy Enforcement Manager 11.5.4.3 F5 BIG IP Policy Enforcement Manager 11.5.4.4 F5 BIG IP Policy Enforcement Manager 11.5.5	28

Nessus

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL10329515.NASL
description	Under certain conditions, TMM may produce a core file and restart when processing compressed data though a virtual server with an associated PEM profile using the content insertion option. (CVE-2018-5508) Impact The Traffic Management Microkernel (TMM) generates a core file and restarts. If configured as part of a high availability (HA) device group, the BIG-IP system fails over to the peer device.
last seen	2020-03-17
modified	2018-11-02
plugin id	118627
published	2018-11-02
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118627
title	F5 Networks BIG-IP : BIG-IP PEM vulnerability (K10329515)

References

https://support.f5.com/csp/article/K10329515