{"containers": {"cna": {"affected": [{"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)", "vendor": "F5 Networks, Inc.", "versions": [{"status": "affected", "version": "13.0.0-13.1.0.5"}, {"status": "affected", "version": "12.0.0-12.1.3.3"}]}], "datePublic": "2018-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in \"host-only\" or \"bridged\" mode. VCMP guests which are \"isolated\" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in \"Appliance Mode\" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as \"host-only\" or \"bridged\" mode is required."}], "problemTypes": [{"descriptions": [{"description": "DoS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-03T09:57:01", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K03165684"}, {"name": "1040797", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040797"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "DATE_PUBLIC": "2018-05-01T00:00:00", "ID": "CVE-2018-5518", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)", "version": {"version_data": [{"version_value": "13.0.0-13.1.0.5"}, {"version_value": "12.0.0-12.1.3.3"}]}}]}, "vendor_name": "F5 Networks, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in \"host-only\" or \"bridged\" mode. VCMP guests which are \"isolated\" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in \"Appliance Mode\" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as \"host-only\" or \"bridged\" mode is required."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DoS"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K03165684", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K03165684"}, {"name": "1040797", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040797"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:40:50.617Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K03165684"}, {"name": "1040797", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040797"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2018-5518", "datePublished": "2018-05-02T13:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-16T19:00:38.214Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "47D07AA7-1E0E-4FC3-B8BF-05729619B0AA", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EC16ED5-2E19-4DC5-8F1D-2197D7CFEEBB", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1521279-5F72-45D7-810E-5D906A44E0A5", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "69B575F8-F179-4648-A6AD-6F1C655A027A", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "95FB4B1F-53F3-45B9-8C49-5FC46ECD637D", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "59E3934C-1BAA-4193-923E-33D515F7D9EA", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "150EE6F4-49A1-4F57-B468-A935DB5F51C1", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "573D868C-4560-4268-8F0E-4BC6EC5D0B4C", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DB0A78D-FE61-4506-AB98-6F20D2BFE48E", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3331F4E7-A17F-41E2-B3FD-0F212626858D", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4349A22-234E-44EC-B324-7CA9DA2F0B57", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "41A8A1C4-E425-40BD-B884-527E7CC62D24", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "17A9F110-8C00-4E3E-9463-8E1E31617FCB", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F2CDD8C-0D75-4E3B-8E21-BC90C7574534", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "54FE9FF3-D508-4372-AFD8-5721AA05F5A7", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "555AC906-C7E8-4E85-8453-498ED7B7205F", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "34C6AD93-361F-4065-92AB-3066A116D72F", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "3360351A-9D4F-410A-BB15-44C92326ED64", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C9CDAFA-2B51-4815-9857-694187C27779", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FBF24E5-6B40-4022-B481-98E4082839A1", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE1518D-8F83-47E9-B183-A998FA8B7CE2", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "1643B722-2B02-4C64-82DD-19788D75BC3F", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "8098C6AC-5AB6-4177-AE2A-D3A6918C4460", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "8105D615-8A59-466A-8369-9AFDAE2AFA61", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FFDAF48-AA60-45D9-B615-D2D785B6DE4E", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5769F2A-FF74-4B40-B25F-B419DBDEECB6", "versionEndIncluding": "13.1.0", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in \"host-only\" or \"bridged\" mode. VCMP guests which are \"isolated\" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in \"Appliance Mode\" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as \"host-only\" or \"bridged\" mode is required."}, {"lang": "es", "value": "En F5 BIG-IP 13.0.0-13.1.0.5 o 12.0.0-12.1.3.3, usuarios root maliciosos con acceso a un VCMP invitado pueden provocar una interrupci\u00f3n del servicio en VCMP invitados adyacentes que se est\u00e9n ejecutando en el mismo host. La explotaci\u00f3n de esta vulnerabilidad hace que el proceso vCMPd en el VCMP invitado adyacente se reinicie y produzca un archivo core. Este problema solo puede explotarse en un VCMP invitado que opere en los modos \"host-only\" o \"bridged\". Los VCMP invitados que est\u00e1n \"aislados\" no se ven afectados por este problema y no proporcionan mecanismos para explotar esta vulnerabilidad. Los invitados desplegados en \"modo appliance\" podr\u00edan verse afectados; sin embargo, el exploit no es posible desde un invitado en modo appliance. Para explotar esta vulnerabilidad, se requiere acceso root en un sistema invitado desplegado en los modos \"host-only\" o \"bridged\"."}], "id": "CVE-2018-5518", "lastModified": "2024-11-21T04:08:58.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-02T13:29:00.740", "references": [{"source": "f5sirt@f5.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040797"}, {"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K03165684"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K03165684"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}