ID

VAR-201810-0907


CVE

CVE-2018-15318


TITLE

plural F5 BIG-IP Product Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011703

DESCRIPTION

In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition. plural F5 BIG-IP Product Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. A security vulnerability exists in the F5 BIG-IP. An attacker could exploit this vulnerability to cause the BIG-IP system to temporarily fail to process traffic and possibly cause the device to fail over. The following versions are affected: F5 BIG-IP version 14.0.0 to 14.0.0.2, 13.1.0.4 to 13.1.1.1, 12.1.3.4 to 12.1.3.6

Trust: 1.71

sources: NVD: CVE-2018-15318 // JVNDB: JVNDB-2018-011703 // VULHUB: VHN-125565

AFFECTED PRODUCTS

vendor:f5model:big-ip access policy managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:12.1.3.4

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:12.1.3.6

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip advanced firewall managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip analyticsscope: - version: -

Trust: 0.8

vendor:f5model:big-ip application acceleration managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip domain name systemscope: - version: -

Trust: 0.8

vendor:f5model:big-ip edge gatewayscope: - version: -

Trust: 0.8

vendor:f5model:big-ip fraud protection servicescope: - version: -

Trust: 0.8

vendor:f5model:big-ip global traffic managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip link controllerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip local traffic managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip policy enforcement managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip protocol security modulescope: - version: -

Trust: 0.8

vendor:f5model:big-ip webacceleratorscope: - version: -

Trust: 0.8

vendor:f5model:big-ip policy enforcement managerscope:eqversion:13.0.1

Trust: 0.6

vendor:f5model:big-ip link controllerscope:eqversion:13.1.0

Trust: 0.6

vendor:f5model:big-ip link controllerscope:eqversion:13.0.0

Trust: 0.6

vendor:f5model:big-ip policy enforcement managerscope:eqversion:13.1.0

Trust: 0.6

vendor:f5model:big-ip global traffic managerscope:eqversion:13.1.1

Trust: 0.6

vendor:f5model:big-ip link controllerscope:eqversion:14.0.0

Trust: 0.6

vendor:f5model:big-ip policy enforcement managerscope:eqversion:13.0.0

Trust: 0.6

vendor:f5model:big-ip link controllerscope:eqversion:13.1.1

Trust: 0.6

vendor:f5model:big-ip link controllerscope:eqversion:13.0.1

Trust: 0.6

vendor:f5model:big-ip global traffic managerscope:eqversion:14.0.0

Trust: 0.6

sources: CNNVD: CNNVD-201810-1537 // JVNDB: JVNDB-2018-011703 // NVD: CVE-2018-15318

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15318
value: HIGH

Trust: 1.0

NVD: CVE-2018-15318
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-1537
value: HIGH

Trust: 0.6

VULHUB: VHN-125565
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15318
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125565
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15318
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125565 // CNNVD: CNNVD-201810-1537 // JVNDB: JVNDB-2018-011703 // NVD: CVE-2018-15318

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-125565 // JVNDB: JVNDB-2018-011703 // NVD: CVE-2018-15318

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1537

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201810-1537

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011703

PATCH

title:K16248201url:https://support.f5.com/csp/article/K16248201

Trust: 0.8

title:F5 BIG-IP Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86512

Trust: 0.6

sources: CNNVD: CNNVD-201810-1537 // JVNDB: JVNDB-2018-011703

EXTERNAL IDS

db:NVDid:CVE-2018-15318

Trust: 2.5

db:JVNDBid:JVNDB-2018-011703

Trust: 0.8

db:CNNVDid:CNNVD-201810-1537

Trust: 0.7

db:VULHUBid:VHN-125565

Trust: 0.1

sources: VULHUB: VHN-125565 // CNNVD: CNNVD-201810-1537 // JVNDB: JVNDB-2018-011703 // NVD: CVE-2018-15318

REFERENCES

url:https://support.f5.com/csp/article/k16248201

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15318

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15318

Trust: 0.8

sources: VULHUB: VHN-125565 // CNNVD: CNNVD-201810-1537 // JVNDB: JVNDB-2018-011703 // NVD: CVE-2018-15318

SOURCES

db:VULHUBid:VHN-125565
db:CNNVDid:CNNVD-201810-1537
db:JVNDBid:JVNDB-2018-011703
db:NVDid:CVE-2018-15318

LAST UPDATE DATE

2026-06-19T22:21:43.056000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-125565date:2018-12-14T00:00:00
db:CNNVDid:CNNVD-201810-1537date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-011703date:2019-01-18T00:00:00
db:NVDid:CVE-2018-15318date:2026-06-17T01:42:15.133

SOURCES RELEASE DATE

db:VULHUBid:VHN-125565date:2018-10-31T00:00:00
db:CNNVDid:CNNVD-201810-1537date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-011703date:2019-01-18T00:00:00
db:NVDid:CVE-2018-15318date:2018-10-31T14:29:00.313