K05112543 : HTTPS monitor vulnerability CVE-2018-5542

2018-07-2400:00:00

my.f5.com

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.7%

JSON

Security Advisory Description

F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. (CVE-2018-5542)

Impact

This vulnerability may allow unauthorized disclosure and modification of monitor traffic by an attacker with a privileged network position (MITM).

Note: This vulnerability affects HTTPS monitors that are configured on Traffic Management Microkernel (TMM) interfaces and monitors that are configured on the management interface (MGMT).

CPENameOperatorVersion
big-iq centralized managementeq4.6.0
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-ip gtmeq11.2.1
big-ip gtmeq11.5.1
big-ip gtmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	4.6.0
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-ip gtm	eq	11.2.1
big-ip gtm	eq	11.5.1
big-ip gtm	eq	11.5.2

Rows per page:

1-10 of 191