CVE-2018-15321
MEDIUM
BIG-IP 11.2.1-11.5.6 - Authenticated Privilege Escalation via TMSH Command Bypass
Title source: llm
Description
When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, users with the Admin or Resource Administrator role can bypass BIG-IP Appliance Mode restrictions to overwrite critical system files. A high-privilege attacker is able to overwrite critical system files, which bypasses the security controls in place to limit TMSH commands. This is possible with the Administrator or Resource Administrator role when TMSH access is granted. Resource Administrator roles must have TMSH access in order to perform this attack.
References (1)
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K01067037
Scores
CVSS v3
4.9
EPSS
0.0019
EPSS Percentile
40.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-269
Status
published
Products (18)
f5/big-ip_access_policy_manager
11.2.1 - 11.5.6
f5/big-ip_advanced_firewall_manager
11.2.1 - 11.5.6
f5/big-ip_analytics
11.2.1 - 11.5.6
f5/big-ip_application_acceleration_manager
11.2.1 - 11.5.6
f5/big-ip_domain_name_system
11.2.1 - 11.5.6
f5/big-ip_edge_gateway
11.2.1 - 11.5.6
f5/big-ip_fraud_protection_service
11.2.1 - 11.5.6
f5/big-ip_global_traffic_manager
11.2.1 - 11.5.6
f5/big-ip_link_controller
11.2.1 - 11.5.6
f5/big-ip_local_traffic_manager
11.2.1 - 11.5.6
... and 8 more
Published
Oct 31, 2018
Tracked Since
Feb 18, 2026