CVE-2018-5505 : What You Need to Know

CVE-2018-5505 was published on March 21, 2018, by F5 Networks, Inc. The vulnerability affects BIG-IP versions 13.1.0 - 13.1.0.3, potentially leading to TMM restarts during DNS request processing.

Understanding CVE-2018-5505

This CVE involves a specific configuration scenario on F5 BIG-IP devices that can trigger service disruptions.

What is CVE-2018-5505?

CVE-2018-5505 is a Denial of Service (DoS) vulnerability that arises when certain conditions are met in the setup of F5 BIG-IP virtual servers with DNS profiles and TCP Protocol settings.

The Impact of CVE-2018-5505

The vulnerability can result in TMM restarts during DNS request processing, potentially causing service interruptions on affected systems.

Technical Details of CVE-2018-5505

This section delves into the specifics of the vulnerability.

Vulnerability Description

When a virtual server is configured with a DNS profile and TCP Protocol setting on F5 BIG-IP versions 13.1.0 - 13.1.0.3, TMM may restart if both ASM and AVR are provisioned.

Affected Systems and Versions

Product: BIG-IP (ASM and Analytics)
Vendor: F5 Networks, Inc.
Versions: 13.1.0 - 13.1.0.3

Exploitation Mechanism

The vulnerability is triggered by a specific combination of configurations involving DNS profiles, TCP Protocol settings, and the provisioning of ASM and AVR on the affected BIG-IP devices.

Mitigation and Prevention

Protecting systems from CVE-2018-5505 requires immediate actions and long-term security measures.

Immediate Steps to Take

Disable affected configurations if possible
Monitor for unusual TMM restarts or service disruptions

Long-Term Security Practices

Regularly update and patch F5 BIG-IP devices
Follow vendor recommendations for secure configurations

Patching and Updates

Apply patches and updates provided by F5 Networks to address CVE-2018-5505 and prevent potential TMM restarts during DNS request processing.