On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event.
{"nessus": [{"lastseen": "2023-11-03T16:09:43", "description": "Using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event.\n(CVE-2018-5515)\n\nImpact\n\nBIG-IP\n\nWhen a BIG-IP system receives a RADIUS authentication response from a IPv6 RADIUS server, the affected system produces a Traffic Management Microkernel (TMM) core file and restarts TMM, resulting in a failover event. This vulnerability affects only BIG-IP systems configured with RADIUS authentication for BIG-IP administrative users.\n\nBIG-IQ / F5 iWorkflow / Enterprise Manager / ARX / LineRate / Traffix SDC\n\nThere is no impact; these F5 products are not affected by this vulnerability.", "cvss3": {}, "published": "2018-11-02T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : RADIUS authentication vulnerability (K62750376)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5515"], "modified": "2023-11-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_domain_name_system", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL62750376.NASL", "href": "https://www.tenable.com/plugins/nessus/118688", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K62750376.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118688);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/02\");\n\n script_cve_id(\"CVE-2018-5515\");\n\n script_name(english:\"F5 Networks BIG-IP : RADIUS authentication vulnerability (K62750376)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"Using RADIUS authentication responses from a RADIUS server with IPv6\naddresses may cause TMM to crash, leading to a failover event.\n(CVE-2018-5515)\n\nImpact\n\nBIG-IP\n\nWhen a BIG-IP system receives a RADIUS authentication response from a\nIPv6 RADIUS server, the affected system produces a Traffic Management\nMicrokernel (TMM) core file and restarts TMM, resulting in a failover\nevent. This vulnerability affects only BIG-IP systems configured with\nRADIUS authentication for BIG-IP administrative users.\n\nBIG-IQ / F5 iWorkflow / Enterprise Manager / ARX / LineRate / Traffix\nSDC\n\nThere is no impact; these F5 products are not affected by this\nvulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://my.f5.com/manage/s/article/K62750376\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K62750376.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5515\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_domain_name_system\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude('f5_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar version = get_kb_item('Host/BIG-IP/version');\nif ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');\nif ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');\nif ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');\n\nvar sol = 'K62750376';\nvar vmatrix = {\n 'AFM': {\n 'affected': [\n '13.0.0-13.1.0'\n ],\n 'unaffected': [\n '13.1.0.6'\n ],\n },\n 'AM': {\n 'affected': [\n '13.0.0-13.1.0'\n ],\n 'unaffected': [\n '13.1.0.6'\n ],\n },\n 'APM': {\n 'affected': [\n '13.0.0-13.1.0'\n ],\n 'unaffected': [\n '13.1.0.6'\n ],\n },\n 'ASM': {\n 'affected': [\n '13.0.0-13.1.0'\n ],\n 'unaffected': [\n '13.1.0.6'\n ],\n },\n 'AVR': {\n 'affected': [\n '13.0.0-13.1.0'\n ],\n 'unaffected': [\n '13.1.0.6'\n ],\n },\n 'DNS': {\n 'affected': [\n '13.0.0-13.1.0'\n ],\n 'unaffected': [\n '13.1.0.6'\n ],\n },\n 'GTM': {\n 'affected': [\n '13.0.0-13.1.0'\n ],\n 'unaffected': [\n '13.1.0.6'\n ],\n },\n 'LC': {\n 'affected': [\n '13.0.0-13.1.0'\n ],\n 'unaffected': [\n '13.1.0.6'\n ],\n },\n 'LTM': {\n 'affected': [\n '13.0.0-13.1.0'\n ],\n 'unaffected': [\n '13.1.0.6'\n ],\n },\n 'PEM': {\n 'affected': [\n '13.0.0-13.1.0'\n ],\n 'unaffected': [\n '13.1.0.6'\n ],\n },\n 'WAM': {\n 'affected': [\n '13.0.0-13.1.0'\n ],\n 'unaffected': [\n '13.1.0.6'\n ],\n }\n};\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n var extra = NULL;\n if (report_verbosity > 0) extra = bigip_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n}\nelse\n{\n var tested = bigip_get_tested_modules();\n var audit_extra = 'For BIG-IP module(s) ' + tested + ',';\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 'running any of the affected modules');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "f5": [{"lastseen": "2020-04-06T22:40:01", "description": "\nF5 Product Development has assigned ID 706086 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H62750376 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 13.x | 13.0.0 - 13.1.0 | 13.1.0.6 | Medium | [4.4](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H>) | RADIUS auth for BIG-IP administrative users \n12.x | None | Not applicable \n11.x | None | Not applicable \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \nBIG-IQ Cloud and Orchestration | 1.x | None | Not applicable | Not vulnerable | None | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nLineRate | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should ensure that the BIG-IP system authenticates with a trusted and secure RADIUS server.\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.4, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-01T01:18:00", "type": "f5", "title": "RADIUS authentication vulnerability CVE-2018-5515", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5515"], "modified": "2018-10-15T18:59:00", "id": "F5:K62750376", "href": "https://support.f5.com/csp/article/K62750376", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}], "prion": [{"lastseen": "2023-11-22T02:48:32", "description": "On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-05-02T13:29:00", "type": "prion", "title": "Authentication flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5515"], "modified": "2018-06-13T15:50:00", "id": "PRION:CVE-2018-5515", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2018-5515", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}]}
CVE-2018-5515
