Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-5511

CWE-4706 documents6 sources

Severity

7.2HIGH

EPSS

11.7%

top 6.33%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +13 more

Timeline

PublishedApr 13

Latest updateMay 13

Description

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages16 packages

▶NVDf5/big-ip_local_traffic_manager13.0.0, 13.1.0+1

▶NVDf5/big-ip_global_traffic_manager13.0.0, 13.1.0+1

▶NVDf5/big-ip_websafe13.0.0, 13.1.0+1

▶NVDvmware/workstation14.1.5

▶NVDf5/big-ip_analytics13.0.0, 13.1.0+1

🔴Vulnerability Details

GHSA

GHSA-4cq3-3qxv-x93w: On F5 BIG-IP 13↗2022-05-13

▶

CVEList

CVE-2018-5511: On F5 BIG-IP 13↗2018-04-13

▶

💥Exploits & PoCs

Exploit-DB

VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation↗2019-03-25

▶

📋Vendor Advisories

CVE-2018-5511: On F5 BIG-IP 13↗2018-04-13

▶

💬Community

Bugzilla

CVE-2018-1000037 mupdf: multiple reachable assertions in the PDF parser↗2018-05-24

▶