CVE-2018-5519F5 Big-ip Access Policy Manager vulnerability

4 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
0.2%
top 58.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+10 more
Timeline
PublishedMay 2
Latest updateMay 13

Description

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages13 packages

NVDf5/big-ip_access_policy_manager11.2.111.6.3+2
NVDf5/big-ip_advanced_firewall_manager11.2.111.6.3+2
NVDf5/big-ip_websafe11.2.111.6.3+2
NVDf5/big-ip_analytics11.2.111.6.3+2
NVDf5/big-ip_edge_gateway11.2.111.6.3+2

🔴Vulnerability Details

2
GHSA
GHSA-jqvf-wwmr-gpq9: On F5 BIG-IP 132022-05-13
CVEList
CVE-2018-5519: On F5 BIG-IP 132018-05-02

📋Vendor Advisories

1
F5
CVE-2018-5519: On F5 BIG-IP 132018-05-02
CVE-2018-5519 — F5 vulnerability | cvebase