CVE-2018-5516 Information

Description

On F5 BIG-IP 13.0.0-13.1.0.5 12.1.0-12.1.2 or 11.2.1-11.6.3.1 Enterprise Manager 3.1.1 BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0 BIG-IQ Cloud and Orchestration 1.0.0 or F5 iWorkflow 2.0.2-2.3.0 authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated low privileged attackers to exfiltrate objects on the file system which should not be allowed.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securitytracker.com/id/1040799 http://www.securitytracker.com/id/1040800 https://support.f5.com/csp/article/K37442533

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

4.7