File System Access Vulnerability in F5 BIG-IP and Related Products
CVE-2018-5516

4.7 MEDIUM

Summary

An access control vulnerability in F5 BIG-IP and related products lets authenticated users with limited privileges access restricted objects on the file system through the TMOS Shell (tmsh). A low-privileged attacker could use this flaw to exfiltrate sensitive data that should be protected. The affected versions span multiple releases, so users and administrators should evaluate their systems and implement the necessary security measures.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0-13.1.0.5

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.2

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.2.1-11.6.3.1

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
