CVE-2018-15311

MEDIUM

F5 BIG-IP 11.5.1-11.6.3.2, 12.1.0-12.1.3.5, 13.0.0-13.1.0.5 DoS via Large Receive Offload TCP Traffic

Title source: llm
STIX 2.1

Description

When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0.

References (1)

Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K07550539

Scores

CVSS v3 5.9
EPSS 0.0353
EPSS Percentile 87.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (13)
f5/big-ip_access_policy_manager 11.5.1 - 11.5.6
f5/big-ip_advanced_firewall_manager 11.5.1 - 11.5.6
f5/big-ip_analytics 11.5.1 - 11.5.6
f5/big-ip_application_acceleration_manager 11.5.1 - 11.5.6
f5/big-ip_application_security_manager 11.5.1 - 11.5.6
f5/big-ip_domain_name_system 11.5.1 - 11.5.6
f5/big-ip_edge_gateway 11.5.1 - 11.5.6
f5/big-ip_fraud_protection_service 11.5.1 - 11.5.6
f5/big-ip_global_traffic_manager 11.5.1 - 11.5.6
f5/big-ip_link_controller 11.5.1 - 11.5.6
... and 3 more
Published Oct 10, 2018
Tracked Since Feb 18, 2026