CVE-2018-5516
Published: May 2, 2018
Modified: Sep 17, 2024
Description
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
| Vendor | Product | Versions |
|---|---|---|
F5 Networks, Inc. | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | affected 13.0.0-13.1.0.5affected 12.1.0-12.1.2affected 11.2.1-11.6.3.1 |
F5 Networks, Inc. | Enterprise Manager | affected 3.1.1 |
F5 Networks, Inc. | BIG-IQ Centralized Management | affected 5.0.0-5.4.0affected 4.6.0 |
F5 Networks, Inc. | BIG-IQ Cloud and Orchestration | affected 1.0.0 |
F5 Networks, Inc. | iWorkflow | affected 2.0.2-2.3.0 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now