4.7
CVE-2018-5516
- EPSS 0.12%
- Published 02.05.2018 13:29:00
- Last modified 21.11.2024 04:08:58
- Source f5sirt@f5.com
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
Data is provided by the National Vulnerability Database (NVD)
F5 ≫ Big-ip Local Traffic Manager Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Local Traffic Manager Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Local Traffic Manager Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Application Acceleration Manager Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Application Acceleration Manager Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Application Acceleration Manager Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Advanced Firewall Manager Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Advanced Firewall Manager Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Analytics Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Analytics Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Analytics Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Access Policy Manager Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Access Policy Manager Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Access Policy Manager Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Application Security Manager Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Application Security Manager Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Application Security Manager Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Edge Gateway Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Edge Gateway Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Edge Gateway Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Global Traffic Manager Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Global Traffic Manager Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Global Traffic Manager Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Link Controller Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Link Controller Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Link Controller Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Policy Enforcement Manager Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Policy Enforcement Manager Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Webaccelerator Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Webaccelerator Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Webaccelerator Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Websafe Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Websafe Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Websafe Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Domain Name System Version >= 11.2.1 <= 11.6.3
F5 ≫ Big-ip Domain Name System Version >= 12.1.0 <= 12.1.2
F5 ≫ Big-ip Domain Name System Version >= 13.0.0 <= 13.1.0
F5 ≫ Big-ip Enterprise Manager Version 3.1.1
F5 ≫ Big-iq Centralized Management Version >= 5.0.0 <= 5.4.0
F5 ≫ Big-iq Centralized Management Version 4.6.0
F5 ≫ Big-iq Cloud And Orchestration Version 1.0.0
F5 ≫ F5 Iworkflow Version >= 2.0.2 <= 2.3.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.12% | 0.308 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.7 | 1 | 3.6 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 4.7 | 3.4 | 6.9 | AV:L/AC:M/Au:N/C:C/I:N/A:N |
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.