Unrated severityNVD Advisory· Published May 2, 2018· Updated Sep 17, 2024

CVE-2018-5516

Description

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.

Affected products

F5 Networks, Inc./BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)v5
Range: 13.0.0-13.1.0.5
F5 Networks, Inc./Enterprise Managerv5
Range: 3.1.1
F5 Networks, Inc./Big Iq Centralized Managementv5
Range: 5.0.0-5.4.0
F5 Networks, Inc./BIG-IQ Cloud and Orchestrationv5
Range: 1.0.0
F5 Networks, Inc./iWorkflowv5
Range: 2.0.2-2.3.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securitytracker.com/id/1040799mitrevdb-entryx_refsource_SECTRACK
www.securitytracker.com/id/1040800mitrevdb-entryx_refsource_SECTRACK
support.f5.com/csp/article/K37442533mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000