ID

VAR-201810-0913


CVE

CVE-2018-15317


TITLE

plural F5 BIG-IP Cryptographic vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-013266

DESCRIPTION

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted. plural F5 BIG-IP The product contains cryptographic vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. An encryption issue vulnerability exists in the F5 BIG-IP. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. The following versions are affected: F5 BIG-IP versions 14.0.0 to 14.0.0.2, 13.0.0 to 13.1.0.7, 12.1.0 to 12.1.3.5, 11.6.0 to 11.6.3.2, 11.2 .1 in version 11.5.6

Trust: 1.71

sources: NVD: CVE-2018-15317 // JVNDB: JVNDB-2018-013266 // VULHUB: VHN-125564

AFFECTED PRODUCTS

vendor:f5model:big-ip policy enforcement managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:11.6.3.2

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:13.1.0.7

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:12.1.3.5

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:11.6.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:11.5.6

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:11.2.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip advanced firewall managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip analyticsscope: - version: -

Trust: 0.8

vendor:f5model:big-ip application acceleration managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip domain name systemscope: - version: -

Trust: 0.8

vendor:f5model:big-ip edge gatewayscope: - version: -

Trust: 0.8

vendor:f5model:big-ip fraud protection servicescope: - version: -

Trust: 0.8

vendor:f5model:big-ip global traffic managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip link controllerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip local traffic managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip policy enforcement managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip protocol security modulescope: - version: -

Trust: 0.8

vendor:f5model:big-ip webacceleratorscope: - version: -

Trust: 0.8

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1.1

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:13.1.0

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:11.6.3

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:11.6.2

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1.0

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:13.0.0

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1.2

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:14.0.0

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1.3

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:13.0.1

Trust: 0.6

sources: CNNVD: CNNVD-201810-1536 // JVNDB: JVNDB-2018-013266 // NVD: CVE-2018-15317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15317
value: HIGH

Trust: 1.0

NVD: CVE-2018-15317
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-1536
value: HIGH

Trust: 0.6

VULHUB: VHN-125564
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15317
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125564
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15317
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125564 // CNNVD: CNNVD-201810-1536 // JVNDB: JVNDB-2018-013266 // NVD: CVE-2018-15317

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-125564 // JVNDB: JVNDB-2018-013266 // NVD: CVE-2018-15317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1536

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-1536

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013266

PATCH

title:K43625118url:https://support.f5.com/csp/article/K43625118

Trust: 0.8

title:F5 BIG-IP Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86511

Trust: 0.6

sources: CNNVD: CNNVD-201810-1536 // JVNDB: JVNDB-2018-013266

EXTERNAL IDS

db:NVDid:CVE-2018-15317

Trust: 2.5

db:JVNDBid:JVNDB-2018-013266

Trust: 0.8

db:CNNVDid:CNNVD-201810-1536

Trust: 0.7

db:AUSCERTid:ESB-2019.1310.5

Trust: 0.6

db:VULHUBid:VHN-125564

Trust: 0.1

sources: VULHUB: VHN-125564 // CNNVD: CNNVD-201810-1536 // JVNDB: JVNDB-2018-013266 // NVD: CVE-2018-15317

REFERENCES

url:https://support.f5.com/csp/article/k43625118

Trust: 1.7

url:https://support.f5.com/csp/article/k43625118?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15317

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15317

Trust: 0.8

url:https://www.auscert.org.au/bulletins/79166

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1310.5/

Trust: 0.6

url:https://support.f5.com/csp/article/k43625118?utm_source=f5support&utm_medium=rss

Trust: 0.1

sources: VULHUB: VHN-125564 // CNNVD: CNNVD-201810-1536 // JVNDB: JVNDB-2018-013266 // NVD: CVE-2018-15317

SOURCES

db:VULHUBid:VHN-125564
db:CNNVDid:CNNVD-201810-1536
db:JVNDBid:JVNDB-2018-013266
db:NVDid:CVE-2018-15317

LAST UPDATE DATE

2026-06-19T23:20:20.952000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-125564date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201810-1536date:2019-10-23T00:00:00
db:JVNDBid:JVNDB-2018-013266date:2019-02-18T00:00:00
db:NVDid:CVE-2018-15317date:2026-06-17T01:42:14.997

SOURCES RELEASE DATE

db:VULHUBid:VHN-125564date:2018-10-31T00:00:00
db:CNNVDid:CNNVD-201810-1536date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-013266date:2019-02-18T00:00:00
db:NVDid:CVE-2018-15317date:2018-10-31T14:29:00.250