CVE-2018-15331Improper Privilege Management in F5 Big-ip Application Acceleration Manager

CWE-269Improper Privilege Management4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 55.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Big-ip Application Acceleration ManagerF5 Networks INC Big-ip
Timeline
PublishedDec 20
Latest updateMay 13

Description

On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5f5_networks_inc/big-ip13.0.0, 12.1.0-12.1.3.7

🔴Vulnerability Details

2
GHSA
GHSA-wxr5-p2xp-m24f: On BIG-IP AAM 132022-05-13
CVEList
CVE-2018-15331: On BIG-IP AAM 132018-12-20

📋Vendor Advisories

1
F5
CVE-2018-15331: On BIG-IP AAM 132018-12-20
CVE-2018-15331 — Improper Privilege Management in F5 | cvebase