CVE-2018-15320 - Vulnerability Details

Vendors	Products
F5	Big-ip Access Policy Manager Big-ip Advanced Firewall Manager Big-ip Analytics Big-ip Application Acceleration Manager Big-ip Domain Name System Big-ip Edge Gateway Big-ip Fraud Protection Service Big-ip Global Traffic Manager Big-ip Link Controller Big-ip Local Traffic Manager Big-ip Policy Enforcement Manager Big-ip Protocol Security Module Big-ip Webaccelerator

Link	Providers
https://support.f5.com/csp/article/K72442354

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", "vendor": "F5 Networks, Inc.", "versions": [{"status": "affected", "version": "14.0.0-14.0.0.2, 13.0.0-13.1.1.1"}]}], "datePublic": "2018-10-30T00:00:00", "descriptions": [{"lang": "en", "value": "On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than \"allow-all\"."}], "problemTypes": [{"descriptions": [{"description": "DoS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-31T13:57:01", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K72442354"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "ID": "CVE-2018-15320", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", "version": {"version_data": [{"version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.1.1"}]}}]}, "vendor_name": "F5 Networks, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than \"allow-all\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DoS"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K72442354", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K72442354"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:46:25.460Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K72442354"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2018-15320", "datePublished": "2018-10-31T14:00:00", "dateReserved": "2018-08-14T00:00:00", "dateUpdated": "2024-08-05T09:46:25.460Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) (string)

vendor : F5 Networks, Inc. (string)

versions : [ »

0 : { »

status : affected (string)

version : 14.0.0-14.0.0.2, 13.0.0-13.1.1.1 (string)

}

]

}

]

datePublic : 2018-10-30T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than "allow-all". (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : DoS (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-31T13:57:01 (string)

orgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

shortName : f5 (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.f5.com/csp/article/K72442354 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : f5sirt@f5.com (string)

ID : CVE-2018-15320 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) (string)

version : { »

version_data : [ »

0 : { »

version_value : 14.0.0-14.0.0.2, 13.0.0-13.1.1.1 (string)

}

]

}

]

}

vendor_name : F5 Networks, Inc. (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than "allow-all". (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : DoS (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://support.f5.com/csp/article/K72442354 (string)

refsource : CONFIRM (string)

url : https://support.f5.com/csp/article/K72442354 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T09:46:25.460Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.f5.com/csp/article/K72442354 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

assignerShortName : f5 (string)

cveId : CVE-2018-15320 (string)

datePublished : 2018-10-31T14:00:00 (string)

dateReserved : 2018-08-14T00:00:00 (string)

dateUpdated : 2024-08-05T09:46:25.460Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B189FA9C-D989-460B-85AC-FD39F8E0259E", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3A526B1-EB66-497F-B8B5-45205781B323", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A53D2261-716A-46D4-B1A4-1C1D84F6AF94", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9032E773-CAB2-4108-A86B-04A8383663BE", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "11719D56-D88C-4970-B89E-376D6883857B", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "51218200-4536-4ED9-AA9A-301E2B30B829", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "93B1A472-EA29-4D4E-A27E-F40B0457DE39", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "224F2348-19DC-4242-8A1E-5F5BDCB86B9C", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E55CC546-E22D-4DD3-B0A6-9C4BC65E0951", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E021297A-FD19-446B-B526-7516503B6D24", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DE41473-F2DF-4FA8-B208-2A546DE49CA2", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC852AA9-7C30-44D8-A964-07DF817A4FF2", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "734B216E-67CD-44B3-AA47-2D86BF2D68CF", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D11EBE7-741F-4585-962F-99EAA29C1F0E", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "018D35E1-B5D0-456E-9348-79E6CD0560E2", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "57F6C963-A1BF-4579-9345-D0207269577A", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C762BE7-29D5-47B2-B3A3-8AD9646417B6", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC6B989A-BA55-47F5-8269-D9FA435ECC29", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CFDA5A2-FDB6-4F7A-ADC1-A1016639FCDC", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F534EADF-DA49-4EDD-97F8-C4046E890D8B", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "6010CA3B-B5AB-4C6B-93A9-A148207224B2", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0233F1B-2DDB-4B01-A549-E76C18BBC3F1", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA0A2FCB-564D-4530-B642-624B6A4F1A22", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "90DBE74F-6E43-448F-9479-8FD75D5DCC22", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A5F5C3E-C71C-4FBF-A2F4-68CEC90097DA", "versionEndIncluding": "13.1.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6ADE585-616C-4B40-A40C-EE97A8FAC653", "versionEndIncluding": "14.0.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than \"allow-all\"."}, {"lang": "es", "value": "En BIG-IP 14.0.0-14.0.0.2 o 13.0.0-13.1.1.1, los patrones de tr\u00e1fico no divulgados podr\u00edan conducir a denegaciones de servicio (DoS) para el sistema BIG-IP. La configuraci\u00f3n que expone esta condici\u00f3n es la autodirecci\u00f3n IP de BIG-IP, que forma parte de un grupo VLAN y tiene la opci\u00f3n Port Lockdown configurada con cualquier cosa que no sea \"allow-all\"."}], "id": "CVE-2018-15320", "lastModified": "2024-11-21T03:50:33.310", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-31T14:29:00.423", "references": [{"source": "f5sirt@f5.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.f5.com/csp/article/K72442354"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.f5.com/csp/article/K72442354"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B189FA9C-D989-460B-85AC-FD39F8E0259E (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B3A526B1-EB66-497F-B8B5-45205781B323 (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A53D2261-716A-46D4-B1A4-1C1D84F6AF94 (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9032E773-CAB2-4108-A86B-04A8383663BE (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 11719D56-D88C-4970-B89E-376D6883857B (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 51218200-4536-4ED9-AA9A-301E2B30B829 (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 93B1A472-EA29-4D4E-A27E-F40B0457DE39 (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 224F2348-19DC-4242-8A1E-5F5BDCB86B9C (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E55CC546-E22D-4DD3-B0A6-9C4BC65E0951 (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E021297A-FD19-446B-B526-7516503B6D24 (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7DE41473-F2DF-4FA8-B208-2A546DE49CA2 (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DC852AA9-7C30-44D8-A964-07DF817A4FF2 (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 734B216E-67CD-44B3-AA47-2D86BF2D68CF (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9D11EBE7-741F-4585-962F-99EAA29C1F0E (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 018D35E1-B5D0-456E-9348-79E6CD0560E2 (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 57F6C963-A1BF-4579-9345-D0207269577A (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9C762BE7-29D5-47B2-B3A3-8AD9646417B6 (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DC6B989A-BA55-47F5-8269-D9FA435ECC29 (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

9 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3CFDA5A2-FDB6-4F7A-ADC1-A1016639FCDC (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F534EADF-DA49-4EDD-97F8-C4046E890D8B (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

10 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6010CA3B-B5AB-4C6B-93A9-A148207224B2 (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D0233F1B-2DDB-4B01-A549-E76C18BBC3F1 (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

11 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EA0A2FCB-564D-4530-B642-624B6A4F1A22 (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 90DBE74F-6E43-448F-9479-8FD75D5DCC22 (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

12 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6A5F5C3E-C71C-4FBF-A2F4-68CEC90097DA (string)

versionEndIncluding : 13.1.1.1 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E6ADE585-616C-4B40-A40C-EE97A8FAC653 (string)

versionEndIncluding : 14.0.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than "allow-all". (string)

}

1 : { »

lang : es (string)

value : En BIG-IP 14.0.0-14.0.0.2 o 13.0.0-13.1.1.1, los patrones de tráfico no divulgados podrían conducir a denegaciones de servicio (DoS) para el sistema BIG-IP. La configuración que expone esta condición es la autodirección IP de BIG-IP, que forma parte de un grupo VLAN y tiene la opción Port Lockdown configurada con cualquier cosa que no sea "allow-all". (string)

}

]

id : CVE-2018-15320 (string)

lastModified : 2024-11-21T03:50:33.310 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-10-31T14:29:00.423 (string)

references : [ »

0 : { »

source : f5sirt@f5.com (string)

tags : [ »

0 : Mitigation (string)

1 : Vendor Advisory (string)

]

url : https://support.f5.com/csp/article/K72442354 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mitigation (string)

1 : Vendor Advisory (string)

]

url : https://support.f5.com/csp/article/K72442354 (string)

}

]

sourceIdentifier : f5sirt@f5.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object