← back
CVE-2018-5516

CVE-2018-5516

EPSS 0.3%
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
Affected products
F5 Networks, Inc. · BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)F5 Networks, Inc. · BIG-IQ Centralized ManagementF5 Networks, Inc. · BIG-IQ Cloud and OrchestrationF5 Networks, Inc. · Enterprise ManagerF5 Networks, Inc. · iWorkflow

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.f5.com/csp/article/K37442533http://www.securitytracker.com/id/1040799http://www.securitytracker.com/id/1040800