4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.1%
On F5 BIG-IP 13.1.0 - 13.1.0.3, when ASM and one or more of these modules (AFM/AVR) are provisioned, the Traffic Management Microkernel (TMM) may restart while processing DNS requests when thevirtual server is configured with a DNS profile and the Protocol setting is set to TCP . (CVE-2018-5505)
Note : The BIG-IP Analytics (AVR) module isautomatically enabled when BIG-IP AFM is provisioned.
Impact
An attacker may be able to execute a remote denial of service.
Disabling any of the components mentioned in the description (for example, removing the DNS profile from the virtual server) avoids the issue. Virtual servers configured with UDP forthe Protocol setting are not affected.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K23520761.
#
# The text description of this plugin is (C) F5 Networks.
#
include('compat.inc');
if (description)
{
script_id(118645);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/03");
script_cve_id("CVE-2018-5505");
script_name(english:"F5 Networks BIG-IP : BIG-IP ASM and BIG-IP AFM/BIG-IP Analytics vulnerability (K23520761)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"On F5 BIG-IP 13.1.0 - 13.1.0.3, when ASM and one or more of these
modules (AFM/AVR) are provisioned, the Traffic Management Microkernel
(TMM) may restart while processing DNS requests when thevirtual server
is configured with a DNS profile and the Protocol setting is set to
TCP . (CVE-2018-5505)
Note : The BIG-IP Analytics (AVR) module isautomatically enabled when
BIG-IP AFM is provisioned.
Impact
An attacker may be able to execute a remote denial of service.
Disabling any of the components mentioned in the description (for
example, removing the DNS profile from the virtual server) avoids the
issue. Virtual servers configured with UDP forthe Protocol setting are
not affected.");
script_set_attribute(attribute:"see_also", value:"https://my.f5.com/manage/s/article/K23520761");
script_set_attribute(attribute:"solution", value:
"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K23520761.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5505");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/22");
script_set_attribute(attribute:"patch_publication_date", value:"2018/03/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"F5 Networks Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
exit(0);
}
include('f5_func.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var version = get_kb_item('Host/BIG-IP/version');
if ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');
if ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');
if ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');
var sol = 'K23520761';
var vmatrix = {
'AVR': {
'affected': [
'13.1.0'
],
'unaffected': [
'14.0.0','13.1.1','13.1.0.4'
],
}
};
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
var extra = NULL;
if (report_verbosity > 0) extra = bigip_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
}
else
{
var tested = bigip_get_tested_modules();
var audit_extra = 'For BIG-IP module(s) ' + tested + ',';
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, 'running the affected module AVR');
}
Vendor | Product | Version | CPE |
---|---|---|---|
f5 | big-ip_application_visibility_and_reporting | cpe:/a:f5:big-ip_application_visibility_and_reporting | |
f5 | big-ip | cpe:/h:f5:big-ip |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.1%