File System Access Vulnerability in F5 BIG-IP and Related Products
CVE-2018-5516
Key Information:
Summary
An access control vulnerability in F5 BIG-IP and connected products permits authenticated users with limited privileges to access restricted objects on the file system through the TMOS Shell (tmsh). This flaw potentially enables low-privileged attackers to exfiltrate sensitive data that should be secure. The affected versions span multiple releases, highlighting the need for users and administrators to evaluate their systems and implement necessary security measures.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0-13.1.0.5
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.2
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.2.1-11.6.3.1
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved