CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-5519

MEDIUM
4.9
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile6.77th
Published2018年5月2日
Last Modified2024年11月21日

Vulnerability Description

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.

Affected Platforms (CPE)

📦
F5

Big Ip Local Traffic Manager

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Local Traffic Manager

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Local Traffic Manager

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Application Acceleration Manager

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Application Acceleration Manager

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Application Acceleration Manager

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Advanced Firewall Manager

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Advanced Firewall Manager

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Advanced Firewall Manager

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Analytics

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Analytics

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Analytics

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Access Policy Manager

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Access Policy Manager

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Access Policy Manager

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Application Security Manager

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Application Security Manager

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Application Security Manager

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Edge Gateway

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Edge Gateway

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Edge Gateway

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Global Traffic Manager

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Global Traffic Manager

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Global Traffic Manager

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Link Controller

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Link Controller

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Link Controller

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Policy Enforcement Manager

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Policy Enforcement Manager

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Policy Enforcement Manager

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Webaccelerator

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Webaccelerator

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Webaccelerator

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Websafe

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Websafe

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Websafe

>= 13.0.0 and <= 13.1.0
📦
F5

Big Ip Domain Name System

>= 11.2.1 and <= 11.6.3
📦
F5

Big Ip Domain Name System

>= 12.1.0 and <= 12.1.3
📦
F5

Big Ip Domain Name System

>= 13.0.0 and <= 13.1.0

References & Advisories

🔗 http://www.securitytracker.com/id/1040803
🔗 https://support.f5.com/csp/article/K46121888
🔗 http://www.securitytracker.com/id/1040803
🔗 https://support.f5.com/csp/article/K46121888

相關漏洞威脅

CVE-2018-696810.0

The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code exec...

CVE-2018-1246410.0

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows a...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-377410.0

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, ...