← voltar
CVE-2018-5516

CVE-2018-5516

EPSS 0.3%
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
Produtos afetados
F5 Networks, Inc. · BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)F5 Networks, Inc. · BIG-IQ Centralized ManagementF5 Networks, Inc. · BIG-IQ Cloud and OrchestrationF5 Networks, Inc. · Enterprise ManagerF5 Networks, Inc. · iWorkflow

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://support.f5.com/csp/article/K37442533http://www.securitytracker.com/id/1040799http://www.securitytracker.com/id/1040800