CVE-2018-15333Unrestricted File Upload in F5 Big-ip Access Policy Manager

CWE-434Unrestricted File Upload4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 68.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+10 more
Timeline
PublishedDec 28
Latest updateMay 13

Description

On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages13 packages

NVDf5/big-ip_access_policy_manager11.2.111.6.3+3
NVDf5/big-ip_domain_name_system11.2.111.6.3+3
NVDf5/big-ip_analytics11.2.111.6.3+3
NVDf5/big-ip_edge_gateway11.2.111.6.3+3
NVDf5/big-ip_webaccelerator11.2.111.6.3+3

🔴Vulnerability Details

2
GHSA
GHSA-hh2c-99xr-8r5r: On versions 112022-05-13
CVEList
CVE-2018-15333: On versions 112018-12-28

📋Vendor Advisories

1
F5
CVE-2018-15333: On versions 112018-12-28
CVE-2018-15333 — Unrestricted File Upload in F5 | cvebase