K43121447 : BIG-IP Client SSL vulnerability CVE-2018-5502

2018-03-2100:00:00

my.f5.com

0.001 Low

EPSS

Percentile

40.2%

JSON

Security Advisory Description

Attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure. (CVE-2018-5502)

Impact

The BIG-IP system may temporarily fail to process traffic as it recovers from a Traffic Management Microkernel (TMM) restart, and devices configured as a high-availability (HA) pair may fail over.

CPENameOperatorVersion
big-iq centralized managementeq4.6.0
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.5.4

Name	Operator	Version
big-iq centralized management	eq	4.6.0
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.5.4

Rows per page:

1-10 of 1761

0.001 Low

EPSS

Percentile

40.2%

JSON

Related for F5:K43121447