CVE-2018-5516

02.05.2018, 13:29

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
f5	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 31%

Vendor	Product	Version
f5	big-ip_local_traffic_manager	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_local_traffic_manager	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_local_traffic_manager	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_application_acceleration_manager	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_application_acceleration_manager	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_application_acceleration_manager	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_advanced_firewall_manager	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_advanced_firewall_manager	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_advanced_firewall_manager	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_analytics	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_analytics	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_analytics	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_access_policy_manager	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_access_policy_manager	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_access_policy_manager	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_application_security_manager	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_application_security_manager	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_application_security_manager	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_edge_gateway	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_edge_gateway	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_edge_gateway	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_global_traffic_manager	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_global_traffic_manager	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_global_traffic_manager	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_link_controller	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_link_controller	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_link_controller	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_policy_enforcement_manager	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_policy_enforcement_manager	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_policy_enforcement_manager	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_webaccelerator	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_webaccelerator	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_webaccelerator	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_websafe	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_websafe	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_websafe	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_domain_name_system	11.2.1 ≤ 𝑥 ≤ 11.6.3
f5	big-ip_domain_name_system	12.1.0 ≤ 𝑥 ≤ 12.1.2
f5	big-ip_domain_name_system	13.0.0 ≤ 𝑥 ≤ 13.1.0
f5	big-ip_enterprise_manager	3.1.1
f5	big-iq_centralized_management	5.0.0 ≤ 𝑥 ≤ 5.4.0
f5	big-iq_centralized_management	4.6.0
f5	big-iq_cloud_and_orchestration	1.0.0
f5	f5_iworkflow	2.0.2 ≤ 𝑥 ≤ 2.3.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

http://www.securitytracker.com/id/1040799

http://www.securitytracker.com/id/1040800

https://support.f5.com/csp/article/K37442533

http://www.securitytracker.com/id/1040799

http://www.securitytracker.com/id/1040800

https://support.f5.com/csp/article/K37442533