Medium severity4.7NVD Advisory· Published May 2, 2018· Updated Jun 17, 2026
CVE-2018-5516
CVE-2018-5516
Description
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
Affected products
7>=4.6.0, <=5.4.0+ 1 more
- (no CPE)range: >=4.6.0, <=5.4.0
- (no CPE)range: 5.0.0-5.4.0
- F5, Inc./Big Ip (ltm, Aam, Afm, Analytics, Apm, Asm, DNS, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator)cpe-rescueRange: 13.0.0-13.1.0.5
- F5 Networks, Inc./BIG-IQ Cloud and Orchestrationv5Range: 1.0.0
- F5 Networks, Inc./Enterprise Managerv5Range: 3.1.1
Patches
Vulnerability mechanics
References
3- www.securitytracker.com/id/1040799nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040800nvdThird Party AdvisoryVDB Entry
- support.f5.com/csp/article/K37442533nvdVendor Advisory
News mentions
0No linked articles in our index yet.