Unauthorized Access Vulnerability in F5 BIG-IP Appliance Mode
CVE-2018-5520
Key Information:
- Vendor
- F5
- Vendor
- CVE Published:
- 2 May 2018
Summary
On F5 BIG-IP systems running in Appliance mode, a vulnerability exists in the TMOS Shell (tmsh) that could allow an administrative user to exploit the dig utility for unauthorized access to sensitive file system resources. This flaw is present in specific versions of the software, potentially compromising the integrity of critical system configurations and data. Organizations using affected versions are strongly advised to implement measures to mitigate risks associated with this vulnerability.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0-13.1.0.5
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.3.1
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.2.1-11.6.3.1
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved