Command Restriction Bypass in F5 BIG-IP Configuration Utility
CVE-2018-15327

7.2 HIGH

Summary

In certain versions of F5 BIG-IP and Enterprise Manager, an issue has been identified where authenticated administrative users can execute restricted commands via the Traffic Management User Interface (TMUI). This lack of enforcement on command restrictions can allow users to bypass intended security policies, potentially leading to unauthorized actions within the system. It is crucial for organizations utilizing these products to review their configurations and apply the necessary updates to mitigate this vulnerability.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), Enterprise Manager 14.0.0-14.0.0.2, 13.0.0-13.1.1.1

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
