CVE-2018-5516

Sažetak

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.

Reference

http://www.securitytracker.com/id/1040799
http://www.securitytracker.com/id/1040800
https://support.f5.com/csp/article/K37442533

CVSS

Base:	4.7
Impact:	6.9
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

03-10-2019 - 00:03

Objavljeno

02-05-2018 - 13:29