Unauthorized Access Vulnerability in F5 BIG-IP Appliance Mode
CVE-2018-5520

4.4MEDIUM

Key Information:

Vendor

F5
Status
Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe)
Vendor
CVE Published:
2 May 2018

What is CVE-2018-5520?

On F5 BIG-IP systems running in Appliance mode, a vulnerability exists in the TMOS Shell (tmsh) that could allow an administrative user to exploit the dig utility for unauthorized access to sensitive file system resources. This flaw is present in specific versions of the software, potentially compromising the integrity of critical system configurations and data. Organizations using affected versions are strongly advised to implement measures to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0-13.1.0.5

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.3.1

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.2.1-11.6.3.1

References

https://support.f5.com/csp/article/K02043709
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040798
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.