CVE-2018-5525: Sensitive Information Exposure in F5 BIG-IP Global Traffic Manager

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 62.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 1
Latest update: May 14

Description

A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1. It exposes files that contain F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (13 packages)

NVD | f5/big-ip_local_traffic_manager | 12.1.0 | 12.1.3 | +3
NVD | f5/big-ip_global_traffic_manager | 12.1.0 | 12.1.3 | +3
NVD | f5/big-ip_analytics | 12.1.0 | 12.1.3 | +4
NVD | f5/big-ip_edge_gateway | 12.1.0 | 12.1.3 | +3
NVD | f5/big-ip_webaccelerator | 12.1.0 | 12.1.3 | +3

🔴 Vulnerability Details (2)

GHSA
GHSA-j5gq-r8fw-mcg5: A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13 (2022-05-14)
CVEList
CVE-2018-5525: A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13 (2018-06-01)

📋 Vendor Advisories (1)

F5
CVE-2018-5525: A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13 (2018-06-01)