4.3

CVE-2018-5525

A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data.

Data is provided by the National Vulnerability Database (NVD)
F5Big-ip Application Acceleration Manager Version >= 11.2.1 <= 11.5.5
F5Big-ip Application Acceleration Manager Version >= 11.6.0 <= 11.6.3
F5Big-ip Application Acceleration Manager Version >= 12.1.0 < 12.1.3
F5Big-ip Local Traffic Manager Version >= 11.2.1 <= 11.5.5
F5Big-ip Local Traffic Manager Version >= 11.6.0 <= 11.6.3
F5Big-ip Local Traffic Manager Version >= 12.1.0 < 12.1.3
F5Big-ip Local Traffic Manager Version13.0.0
F5Big-ip Advanced Firewall Manager Version >= 11.2.1 <= 11.5.5
F5Big-ip Advanced Firewall Manager Version >= 11.6.0 <= 11.6.3
F5Big-ip Advanced Firewall Manager Version >= 12.1.0 < 12.1.3
F5Big-ip Analytics Version >= 11.2.1 <= 11.5.5
F5Big-ip Analytics Version >= 11.6.0 <= 11.6.3
F5Big-ip Analytics Version >= 12.1.0 < 12.1.3
F5Big-ip Analytics Version >= 13.1.0 <= 13.1.0.4
F5Big-ip Analytics Version13.0.0
F5Big-ip Access Policy Manager Version >= 11.2.1 <= 11.5.5
F5Big-ip Access Policy Manager Version >= 11.6.0 <= 11.6.3
F5Big-ip Access Policy Manager Version >= 12.1.0 < 12.1.3
F5Big-ip Access Policy Manager Version13.0.0
F5Big-ip Application Security Manager Version >= 11.2.1 <= 11.5.5
F5Big-ip Application Security Manager Version >= 11.6.0 <= 11.6.3
F5Big-ip Application Security Manager Version >= 12.1.0 < 12.1.3
F5Big-ip Domain Name System Version >= 11.2.1 <= 11.5.5
F5Big-ip Domain Name System Version >= 11.6.0 <= 11.6.3
F5Big-ip Domain Name System Version >= 12.1.0 < 12.1.3
F5Big-ip Domain Name System Version13.0.0
F5Big-ip Edge Gateway Version >= 11.2.1 <= 11.5.5
F5Big-ip Edge Gateway Version >= 11.6.0 <= 11.6.3
F5Big-ip Edge Gateway Version >= 12.1.0 < 12.1.3
F5Big-ip Edge Gateway Version13.0.0
F5Big-ip Global Traffic Manager Version >= 11.2.1 <= 11.5.5
F5Big-ip Global Traffic Manager Version >= 11.6.0 <= 11.6.3
F5Big-ip Global Traffic Manager Version >= 12.1.0 < 12.1.3
F5Big-ip Global Traffic Manager Version13.0.0
F5Big-ip Link Controller Version >= 11.2.1 <= 11.5.5
F5Big-ip Link Controller Version >= 11.6.0 <= 11.6.3
F5Big-ip Link Controller Version >= 12.1.0 < 12.1.3
F5Big-ip Link Controller Version13.0.0
F5Big-ip Policy Enforcement Manager Version >= 11.2.1 <= 11.5.5
F5Big-ip Policy Enforcement Manager Version >= 11.6.0 <= 11.6.3
F5Big-ip Policy Enforcement Manager Version >= 12.1.0 < 12.1.3
F5Big-ip Webaccelerator Version >= 11.2.1 <= 11.5.5
F5Big-ip Webaccelerator Version >= 11.6.0 <= 11.6.3
F5Big-ip Webaccelerator Version >= 12.1.0 < 12.1.3
F5Big-ip Webaccelerator Version13.0.0
F5Big-ip Fraud Protection Service Version >= 11.2.1 <= 11.5.5
F5Big-ip Fraud Protection Service Version >= 11.6.0 <= 11.6.3
F5Big-ip Fraud Protection Service Version >= 12.1.0 < 12.1.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.16% 0.337
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securitytracker.com/id/1041018
Third Party Advisory
VDB Entry