← volver
CVE-2018-5516

CVE-2018-5516

EPSS 0.3%
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
Productos afectados
F5 Networks, Inc. · BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)F5 Networks, Inc. · BIG-IQ Centralized ManagementF5 Networks, Inc. · BIG-IQ Cloud and OrchestrationF5 Networks, Inc. · Enterprise ManagerF5 Networks, Inc. · iWorkflow

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://support.f5.com/csp/article/K37442533http://www.securitytracker.com/id/1040799http://www.securitytracker.com/id/1040800