File System Access Vulnerability in F5 BIG-IP and Related Products
CVE-2018-5516

4.7MEDIUM

Key Information:

Vendor
F5
Status
Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe)
Enterprise Manager
Big-iq Centralized Management
Big-iq Cloud And Orchestration
Vendor
CVE Published:
2 May 2018

Summary

An access control vulnerability in F5 BIG-IP and connected products permits authenticated users with limited privileges to access restricted objects on the file system through the TMOS Shell (tmsh). This flaw potentially enables low-privileged attackers to exfiltrate sensitive data that should be secure. The affected versions span multiple releases, highlighting the need for users and administrators to evaluate their systems and implement necessary security measures.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0-13.1.0.5

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.2

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.2.1-11.6.3.1

References

https://support.f5.com/csp/article/K37442533
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040800
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1040799
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.