CVE-2018-5518 : Security Advisory and Response

A disruption of service vulnerability affecting F5 BIG-IP versions 13.0.0-13.1.0.5 and 12.0.0-12.1.3.3 allows malicious root users to impact adjacent VCMP guests on the same host.

Understanding CVE-2018-5518

This CVE involves a vulnerability in F5 BIG-IP that can be exploited by malicious users to disrupt service on neighboring VCMP guests.

What is CVE-2018-5518?

The vulnerability in F5 BIG-IP versions 13.0.0-13.1.0.5 and 12.0.0-12.1.3.3 enables root users to cause disruptions on adjacent VCMP guests on the same host.

The Impact of CVE-2018-5518

Malicious root users can restart the vCMPd process on adjacent VCMP guests, leading to service disruption.
The issue affects VCMP guests in "host-only" or "bridged" mode but not those in "isolated" mode.

Technical Details of CVE-2018-5518

This section provides technical details of the CVE.

Vulnerability Description

Exploitable by root users with access to a VCMP guest on F5 BIG-IP.
Allows restarting vCMPd process on adjacent VCMP guests, causing service disruption.

Affected Systems and Versions

Products: BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)
Versions: 13.0.0-13.1.0.5, 12.0.0-12.1.3.3

Exploitation Mechanism

Requires root access on a guest system deployed in "host-only" or "bridged" mode.

Mitigation and Prevention

Steps to address and prevent the CVE.

Immediate Steps to Take

Apply vendor-provided patches or updates.
Restrict root access on VCMP guests.
Monitor for unauthorized access or activity.

Long-Term Security Practices

Regularly update and patch F5 BIG-IP systems.
Implement network segmentation to limit the impact of potential attacks.

Patching and Updates

Check F5 Networks' official security advisory for patch availability and guidance.