CVE-2018-5516

CWE-732Incorrect Permission Assignment5 documents5 sources
Severity
4.7MEDIUM
EPSS
0.1%
top 69.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
21
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+18 more
Timeline
PublishedMay 2
Latest updateMay 13

Description

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages21 packages

NVDf5/big-ip_access_policy_manager11.2.111.6.3+2
NVDf5/big-ip_domain_name_system11.2.111.6.3+2
NVDf5/big-iq_centralized_management5.0.05.4.0+1

🔴Vulnerability Details

2
GHSA
GHSA-8wx2-h54g-674g: On F5 BIG-IP 132022-05-13
CVEList
CVE-2018-5516: On F5 BIG-IP 132018-05-02

📋Vendor Advisories

1
F5
CVE-2018-5516: On F5 BIG-IP 132018-05-02

🕵️Threat Intelligence

1
Talos
Vulnerability Spotlight: Denial of service in VMWare Workstation 152019-04-15
CVE-2018-5516 (MEDIUM CVSS 4.7) | On F5 BIG-IP 13.0.0-13.1.0.5 | cvebase.io