Lucene search

K
f5F5F5:K62750376
HistoryApr 30, 2018 - 12:00 a.m.

K62750376 : RADIUS authentication vulnerability CVE-2018-5515

2018-04-3000:00:00
my.f5.com
7

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

4.8 Medium

AI Score

Confidence

High

6.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

49.6%

Security Advisory Description

Using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. (CVE-2018-5515)

Impact

BIG-IP

When a BIG-IP system receives a RADIUS authentication response from a IPv6 RADIUS server, the affected system produces a Traffic Management Microkernel (TMM) core file and restarts TMM, resulting in a failover event. This vulnerability affects only BIG-IP systems configured with RADIUS authentication for BIG-IP administrative users.

BIG-IQ / F5 iWorkflow / Enterprise Manager / ARX / LineRate / Traffix SDC

There is no impact; these F5 products are not affected by this vulnerability.

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

4.8 Medium

AI Score

Confidence

High

6.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

49.6%

Related for F5:K62750376