CVE-2018-5518

CVE-2018-5518 is a medium-severity vulnerability in F5 Big-ip Local Traffic Manager with a CVSS 3.x base score of 5.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required.

Frequently asked questions

What is CVE-2018-5518?
On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required.
How severe is CVE-2018-5518?
CVE-2018-5518 has a CVSS 3.x base score of 5.4, rated medium severity. It is exploitable over an adjacent network with high attack complexity, requires high privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
Is CVE-2018-5518 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (34th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2018-5518?
CVE-2018-5518 primarily affects F5 Big-ip Local Traffic Manager. In total, 13 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2018-5518?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2018-5518 published?
CVE-2018-5518 was published on 2018-05-02 and last updated on 2026-06-17.

References

Affected products (13)

More vulnerabilities in F5 Big-ip Local Traffic Manager

All CVEs affecting F5 Big-ip Local Traffic Manager →