CVE-2018-5524 — MEDIUM (5.3)

Q: How severe is CVE-2018-5524?

CVE-2018-5524 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-5524?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Local Traffic Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.

Vulnerability Description

Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
F5	Big-Ip Application Acceleration Manager	>= 11.6.1, <= 11.6.3
F5	Big-Ip Local Traffic Manager	>= 11.6.1, <= 11.6.3
F5	Big-Ip Advanced Firewall Manager	>= 11.6.1, <= 11.6.3
F5	Big-Ip Analytics	>= 11.6.1, <= 11.6.3
F5	Big-Ip Access Policy Manager	>= 11.6.1, <= 11.6.3
F5	Big-Ip Application Security Manager	>= 11.6.1, <= 11.6.3
F5	Big-Ip Edge Gateway	>= 11.6.1, <= 11.6.3
F5	Big-Ip Link Controller	>= 11.6.1, <= 11.6.3
F5	Big-Ip Policy Enforcement Manager	>= 11.6.1, <= 11.6.3
F5	Big-Ip Webaccelerator	>= 11.6.1, <= 11.6.3
F5	Big-Ip Fraud Protection Service	>= 11.6.1, <= 11.6.3

References

http://www.securitytracker.com/id/1041020Third Party AdvisoryVDB Entry
https://support.f5.com/csp/article/K53931245Vendor Advisory
http://www.securitytracker.com/id/1041020Third Party AdvisoryVDB Entry
https://support.f5.com/csp/article/K53931245Vendor Advisory

FAQ

What is CVE-2018-5524?

CVE-2018-5524 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware se...

How severe is CVE-2018-5524?

CVE-2018-5524 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-5524?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Local Traffic Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.