CVE-2018-5502

HIGH

F5 BIG-IP 13.0.0-13.1.0.3 - Denial of Service via Malicious Client Certificate


Description

On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with a maliciously crafted client certificate. This vulnerability affects virtual servers associated with a Client SSL profile that enables client certificate authentication. Client certificate authentication is not enabled by default in the Client SSL profile. There is no control plane exposure.

References (2)

Vendor Advisory: https://support.f5.com/csp/article/K43121447
Third Party Advisory, VDB Entry: http://www.securitytracker.com/id/1040561

Scores

CVSS v3 7.5
EPSS 0.0042
EPSS Percentile 61.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-295
Status published
Products (13)
f5/big-ip_access_policy_manager 13.0.0 - 13.1.0.4
f5/big-ip_advanced_firewall_manager 13.0.0 - 13.1.0.4
f5/big-ip_analytics 13.0.0 - 13.1.0.4
f5/big-ip_application_acceleration_manager 13.0.0 - 13.1.0.4
f5/big-ip_application_security_manager 13.0.0 - 13.1.0.4
f5/big-ip_domain_name_system 13.0.0 - 13.1.0.4
f5/big-ip_edge_gateway 13.0.0 - 13.1.0.4
f5/big-ip_global_traffic_manager 13.0.0 - 13.1.0.4
f5/big-ip_link_controller 13.0.0 - 13.1.0.4
f5/big-ip_local_traffic_manager 13.0.0 - 13.1.0.4
... and 3 more
Published Mar 22, 2018
Tracked Since Feb 18, 2026