Arbitrary File Write Vulnerability in F5 BIG-IP Products
CVE-2018-5519

4.9MEDIUM

Key Information:

Vendor: F5
Status: Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe)
Vendor: CVE Published:; 2 May 2018

Summary

An arbitrary file write vulnerability exists in F5 BIG-IP versions 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, and 11.2.1-11.6.3.1. Administrative users can exploit the ssldump utility through undisclosed methods to write to arbitrary file paths. This vulnerability enables users without Advanced Shell access, such as those licensed for Appliance Mode, to achieve broader file access than intended, potentially compromising system integrity.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0-13.1.0.5

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.3.3

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.2.1-11.6.3.1

References

http://www.securitytracker.com/id/1040803

vdb-entryx_refsource_SECTRACK

https://support.f5.com/csp/article/K46121888

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2018
Vulnerability Reserved
Jan 12, 2018