CVE-2018-5520 — Incorrect Authorization in F5 Big-ip Access Policy Manager
Severity
4.4MEDIUMNVD
EPSS
0.2%
top 59.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 2
Latest updateMay 13
Description
On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.7 | Impact: 3.6