ID

VAR-201807-2208


CVE

CVE-2018-5532


TITLE

plural F5 BIG-IP Vulnerabilities related to security functions in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-008183

DESCRIPTION

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. plural F5 BIG-IP The product contains vulnerabilities related to security functions.Information may be tampered with. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. A security vulnerability exists in the F5 BIG-IP. A remote attacker could exploit this vulnerability to cause DNS cache data to persist on the target system. The following versions are affected: F5 BIG-IP version 13.0.0, version 12.1.0 to version 12.1.2, version 11.6.0 to version 11.6.3.1, version 11.2.1 to version 11.5.6

Trust: 1.71

sources: NVD: CVE-2018-5532 // JVNDB: JVNDB-2018-008183 // VULHUB: VHN-135563

AFFECTED PRODUCTS

vendor:f5model:big-ip policy enforcement managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:10.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:11.6.3.1

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip advanced firewall managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip analyticsscope: - version: -

Trust: 0.8

vendor:f5model:big-ip application acceleration managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip application security managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip domain name systemscope: - version: -

Trust: 0.8

vendor:f5model:big-ip edge gatewayscope: - version: -

Trust: 0.8

vendor:f5model:big-ip fraud protection servicescope: - version: -

Trust: 0.8

vendor:f5model:big-ip global traffic managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip link controllerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip local traffic managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip policy enforcement managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip webacceleratorscope: - version: -

Trust: 0.8

vendor:f5model:big-ip local traffic managerscope:eqversion:11.4.1

Trust: 0.6

vendor:f5model:big-ip local traffic managerscope:eqversion:11.5.4

Trust: 0.6

vendor:f5model:big-ip local traffic managerscope:eqversion:11.5.3

Trust: 0.6

vendor:f5model:big-ip local traffic managerscope:eqversion:11.5.1

Trust: 0.6

vendor:f5model:big-ip local traffic managerscope:eqversion:11.2.1

Trust: 0.6

vendor:f5model:big-ip local traffic managerscope:eqversion:11.5.5

Trust: 0.6

vendor:f5model:big-ip local traffic managerscope:eqversion:11.4.0

Trust: 0.6

vendor:f5model:big-ip local traffic managerscope:eqversion:11.5.0

Trust: 0.6

vendor:f5model:big-ip local traffic managerscope:eqversion:11.3.0

Trust: 0.6

vendor:f5model:big-ip local traffic managerscope:eqversion:11.5.2

Trust: 0.6

sources: CNNVD: CNNVD-201807-1556 // JVNDB: JVNDB-2018-008183 // NVD: CVE-2018-5532

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5532
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-5532
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-1556
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135563
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5532
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-135563
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5532
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135563 // CNNVD: CNNVD-201807-1556 // JVNDB: JVNDB-2018-008183 // NVD: CVE-2018-5532

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-135563 // JVNDB: JVNDB-2018-008183 // NVD: CVE-2018-5532

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1556

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-1556

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008183

PATCH

title:K48224824url:https://support.f5.com/csp/article/K48224824

Trust: 0.8

title:F5 BIG-IP Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84101

Trust: 0.6

sources: CNNVD: CNNVD-201807-1556 // JVNDB: JVNDB-2018-008183

EXTERNAL IDS

db:NVDid:CVE-2018-5532

Trust: 2.5

db:SECTRACKid:1041345

Trust: 1.7

db:JVNDBid:JVNDB-2018-008183

Trust: 0.8

db:CNNVDid:CNNVD-201807-1556

Trust: 0.7

db:VULHUBid:VHN-135563

Trust: 0.1

sources: VULHUB: VHN-135563 // CNNVD: CNNVD-201807-1556 // JVNDB: JVNDB-2018-008183 // NVD: CVE-2018-5532

REFERENCES

url:https://support.f5.com/csp/article/k48224824

Trust: 1.7

url:http://www.securitytracker.com/id/1041345

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5532

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5532

Trust: 0.8

sources: VULHUB: VHN-135563 // CNNVD: CNNVD-201807-1556 // JVNDB: JVNDB-2018-008183 // NVD: CVE-2018-5532

SOURCES

db:VULHUBid:VHN-135563
db:CNNVDid:CNNVD-201807-1556
db:JVNDBid:JVNDB-2018-008183
db:NVDid:CVE-2018-5532

LAST UPDATE DATE

2026-06-19T22:21:59.741000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-135563date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201807-1556date:2019-10-23T00:00:00
db:JVNDBid:JVNDB-2018-008183date:2018-10-10T00:00:00
db:NVDid:CVE-2018-5532date:2026-06-17T02:00:28.893

SOURCES RELEASE DATE

db:VULHUBid:VHN-135563date:2018-07-19T00:00:00
db:CNNVDid:CNNVD-201807-1556date:2018-07-19T00:00:00
db:JVNDBid:JVNDB-2018-008183date:2018-10-10T00:00:00
db:NVDid:CVE-2018-5532date:2018-07-19T14:29:00.573