CVE-2018-5500

{"id": "CVE-2018-5500", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2018-03-01T16:29:00.337", "references": [{"url": "http://www.securityfocus.com/bid/103217", "tags": ["Third Party Advisory", "VDB Entry"], "source": "f5sirt@f5.com"}, {"url": "https://support.f5.com/csp/article/K33211839", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue."}, {"lang": "es", "value": "En sistemas F5 BIG-IP que ejecutan las versiones 13.0.0, 12.1.0 - 12.1.3.1 o 11.6.1 - 11.6.2, cada conexi\u00f3n Multipath TCP (MCTCP) que se establece filtra una peque\u00f1a cantidad de memoria. Los servidores virtuales que emplean el perfil TCP con la caracter\u00edstica Multipath TCP (MCTCP) habilitada se ver\u00e1n afectados por este problema."}], "lastModified": "2018-03-23T13:39:24.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "597AB2D4-B0E0-4437-9298-C9FC2E34247E", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A3E8BFC-B1CF-4685-BC18-D991DAFE5D03", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ECBB647-0E28-4A45-8E49-A02C4974B6A9", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B74CDA31-23E8-4AB9-9D52-3107185379CF", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C838ECE-BCC6-4D71-A36B-CF053A95BD5C", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34C598BD-EA65-411F-8D2E-BB0C10700B7E", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8F37A2F-1205-4726-8C84-49E555FB3524", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "367A6C6C-8FEC-4040-B199-B5E76B7DB81E", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DEB3F5D-E82B-4B0F-9EF2-0CC7CCCE3E2F", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B2C21C8-E666-4240-80B1-C0184A601524", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BE301F2-BF84-4B0D-BD32-F58899A93106", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F65C12F1-E3E5-4473-A48D-47941A159ED5", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84E884F6-4799-4CCE-9ECC-368FD5C1F5C7", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6CAD89E-DE40-4EC8-B7D4-B0BF809D906F", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9984B71A-89EA-4E5E-8E4D-1EA3D06F003F", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E6B9E75-3DC4-479A-8031-7CA01A682116", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BC5F967-BD7E-4B43-BB24-07B66A7006D9", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2487AD7-F334-4BDF-A7E5-2217608A0016", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2F2D318-6CE1-471C-AF57-8D790000962C", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76C8BE66-5528-468B-8C07-804E34D9B66A", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "730BC966-10B2-4A2E-BF12-EC4DE70DE968", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0B11AC1-E658-47F4-93E0-495190398A5C", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3374BE-6A37-48B5-83D4-D61558A8433E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B848B902-CF3B-4534-823C-4343EAE98A2A", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75CF4931-4586-4843-B9DB-D6C2E37C6571", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "725BAE35-A9A3-4AEF-BAC1-18D445D241D5", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69ED882C-C20B-42D4-9F30-693BD3059307", "versionEndIncluding": "12.1.3.1", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E703FAB-BFCD-47A1-94BD-DD63879DE883"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}