CVE-2018-5513 : Security Advisory and Response
Learn about CVE-2018-5513 affecting F5 BIG-IP versions 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, and 11.2.1. Discover the impact, affected systems, exploitation, and mitigation steps.
F5 Networks, Inc.'s BIG-IP versions 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, and 11.2.1 are susceptible to a TMM crash due to a malformed TLS handshake, potentially causing service disruption.
Understanding CVE-2018-5513
This CVE involves a vulnerability in F5 BIG-IP that can lead to a denial of service (DoS) condition.
What is CVE-2018-5513?
The vulnerability in F5 BIG-IP versions can result in a disruption of service if a TLS handshake is malformed, specifically affecting the data plane when Proxy SSL configuration is enabled.
The Impact of CVE-2018-5513
The issue causes a TMM crash, potentially disrupting services, while the control plane remains unaffected.
Technical Details of CVE-2018-5513
F5 BIG-IP vulnerability details and affected systems.
Vulnerability Description
- Malformed TLS handshake leads to TMM crash
- Data plane affected with Proxy SSL configuration
Affected Systems and Versions
- BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)
- Versions: 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, 11.2.1
Exploitation Mechanism
The vulnerability is exploited by sending a malformed TLS handshake, triggering a TMM crash.
Mitigation and Prevention
Steps to address and prevent CVE-2018-5513.
Immediate Steps to Take
- Disable Proxy SSL configuration if not essential
- Monitor F5 Networks for security advisories
Long-Term Security Practices
- Regularly update and patch F5 BIG-IP devices
- Implement network segmentation and access controls
Patching and Updates
- Apply vendor-supplied patches promptly
- Follow best practices for secure configuration and SSL handling