Security Bypass in F5 BIG-IP Affected Products
CVE-2018-15321
Summary
A vulnerability exists in F5 BIG-IP products: users with the admin or resource administrator role who have been granted TMSH access can bypass Appliance Mode restrictions. This allows them to overwrite critical system files, circumventing the security measures that limit TMSH command execution. Exploitation requires an account that already holds high privileges, and it puts the integrity and security of affected systems at significant risk.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6