CVE-2018-5519

MEDIUM

F5 BIG-IP 11.2.1-11.6.3 - Authenticated Arbitrary File Write via ssldump Utility

Title source: llm
STIX 2.1

Description

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040803
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K46121888

Scores

CVSS v3 4.9
EPSS 0.0020
EPSS Percentile 41.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (13)
f5/big-ip_access_policy_manager 11.2.1 - 11.6.3
f5/big-ip_advanced_firewall_manager 11.2.1 - 11.6.3
f5/big-ip_analytics 11.2.1 - 11.6.3
f5/big-ip_application_acceleration_manager 11.2.1 - 11.6.3
f5/big-ip_application_security_manager 11.2.1 - 11.6.3
f5/big-ip_domain_name_system 11.2.1 - 11.6.3
f5/big-ip_edge_gateway 11.2.1 - 11.6.3
f5/big-ip_global_traffic_manager 11.2.1 - 11.6.3
f5/big-ip_link_controller 11.2.1 - 11.6.3
f5/big-ip_local_traffic_manager 11.2.1 - 11.6.3
... and 3 more
Published May 02, 2018
Tracked Since Feb 18, 2026