Arbitrary File Write Vulnerability in F5 BIG-IP Products
CVE-2018-5519
Key Information:
- Vendor
- F5
- Vendor
- CVE Published:
- 2 May 2018
Summary
An arbitrary file write vulnerability exists in F5 BIG-IP versions 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, and 11.2.1-11.6.3.1. Administrative users can exploit the ssldump utility through undisclosed methods to write to arbitrary file paths. This vulnerability enables users without Advanced Shell access, such as those licensed for Appliance Mode, to achieve broader file access than intended, potentially compromising system integrity.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0-13.1.0.5
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.3.3
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.2.1-11.6.3.1
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved