CVE-2018-5516

moderate-risk

Published 2018-05-02

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

LOCAL / HIGH complexity

Affected Products (18)

Big-Ip Local Traffic Manager

Big-Ip Application Acceleration Manager

Big-Ip Advanced Firewall Manager

Big-Ip Analytics

Big-Ip Access Policy Manager

Big-Ip Application Security Manager

Big-Ip Edge Gateway

Big-Ip Global Traffic Manager

Big-Ip Link Controller

Big-Ip Policy Enforcement Manager

Big-Ip Webaccelerator

Big-Ip Websafe

Big-Ip Domain Name System

Big-Ip Enterprise Manager

Big-Iq Centralized Management

Big-Iq Cloud And Orchestration

F5 Iworkflow

Affected Vendors

References (6)

Third Party Advisory http://www.securitytracker.com/id/1040799

Third Party Advisory http://www.securitytracker.com/id/1040800

Vendor Advisory https://support.f5.com/csp/article/K37442533

Third Party Advisory http://www.securitytracker.com/id/1040799

Third Party Advisory http://www.securitytracker.com/id/1040800

Vendor Advisory https://support.f5.com/csp/article/K37442533

/ 100

moderate-risk

Severity 12/34 · Low

Exploitability 0/34 · Minimal

Exposure 19/34 · Moderate