CVE-2018-15331 Information

Description

On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7 the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts which could be used to leverage attacks against the BIG-IP system.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://support.f5.com/csp/article/K54843525

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8