Unrestricted Snapshot File Access in F5 BIG-IP Configuration Utility
CVE-2018-15333
5.5MEDIUM
Key Information:
- Vendor
- F5
- Vendor
- CVE Published:
- 28 December 2018
Summary
The F5 BIG-IP web application allows users with any role, including the guest role, to access and download sensitive snapshot files from the configuration utility. This includes files like QKView and TCPDumps, which may contain critical information about the system's configuration and operational data. If exploited, this vulnerability could lead to unauthorized disclosure of sensitive data, compromising the security and integrity of the system.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) All versions 11.2.1+
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved