Arbitrary File Write Vulnerability in F5 BIG-IP Products
CVE-2018-5519

4.9MEDIUM

Key Information:

Vendor

F5
Status
Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe)
Vendor
CVE Published:
2 May 2018

What is CVE-2018-5519?

An arbitrary file write vulnerability exists in F5 BIG-IP versions 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, and 11.2.1-11.6.3.1. Administrative users can exploit the ssldump utility through undisclosed methods to write to arbitrary file paths. This vulnerability enables users without Advanced Shell access, such as those licensed for Appliance Mode, to achieve broader file access than intended, potentially compromising system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0-13.1.0.5

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.3.3

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.2.1-11.6.3.1

References

http://www.securitytracker.com/id/1040803
vdb-entryx_refsource_SECTRACK
https://support.f5.com/csp/article/K46121888
x_refsource_CONFIRM

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.