Vulnerabilites related to F5 Networks, Inc. - iWorkflow
CVE-2018-5516 (GCVE-0-2018-5516)
Vulnerability from cvelistv5
Published
2018-05-02 13:00
Modified
2024-09-17 02:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege escalation
Summary
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | F5 Networks, Inc. | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) |
Version: 13.0.0-13.1.0.5 Version: 12.1.0-12.1.2 Version: 11.2.1-11.6.3.1 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:50.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K37442533"
},
{
"name": "1040800",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040800"
},
{
"name": "1040799",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040799"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0-13.1.0.5"
},
{
"status": "affected",
"version": "12.1.0-12.1.2"
},
{
"status": "affected",
"version": "11.2.1-11.6.3.1"
}
]
},
{
"product": "Enterprise Manager",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "3.1.1"
}
]
},
{
"product": "BIG-IQ Centralized Management",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0-5.4.0"
},
{
"status": "affected",
"version": "4.6.0"
}
]
},
{
"product": "BIG-IQ Cloud and Orchestration",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
},
{
"product": "iWorkflow",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "2.0.2-2.3.0"
}
]
}
],
"datePublic": "2018-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K37442533"
},
{
"name": "1040800",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040800"
},
{
"name": "1040799",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040799"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-04-30T00:00:00",
"ID": "CVE-2018-5516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
"version": {
"version_data": [
{
"version_value": "13.0.0-13.1.0.5"
},
{
"version_value": "12.1.0-12.1.2"
},
{
"version_value": "11.2.1-11.6.3.1"
}
]
}
},
{
"product_name": "Enterprise Manager",
"version": {
"version_data": [
{
"version_value": "3.1.1"
}
]
}
},
{
"product_name": "BIG-IQ Centralized Management",
"version": {
"version_data": [
{
"version_value": "5.0.0-5.4.0"
},
{
"version_value": "4.6.0"
}
]
}
},
{
"product_name": "BIG-IQ Cloud and Orchestration",
"version": {
"version_data": [
{
"version_value": "1.0.0"
}
]
}
},
{
"product_name": "iWorkflow",
"version": {
"version_data": [
{
"version_value": "2.0.2-2.3.0"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K37442533",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K37442533"
},
{
"name": "1040800",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040800"
},
{
"name": "1040799",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040799"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2018-5516",
"datePublished": "2018-05-02T13:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-17T02:41:51.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6128 (GCVE-0-2017-6128)
Vulnerability from cvelistv5
Published
2017-05-01 15:00
Modified
2024-08-05 15:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- sshd is vulnerable to DoS
Summary
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe |
Version: varies depending on product - see https://support.f5.com/csp/article/K92140924 for table |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K92140924"
},
{
"name": "1038362",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
}
]
},
{
"product": "Enterprise Manager",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
}
]
},
{
"product": "BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
}
]
},
{
"product": "iWorkflow",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
}
]
}
],
"datePublic": "2017-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "sshd is vulnerable to DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "1038363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K92140924"
},
{
"name": "1038362",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2017-6128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe",
"version": {
"version_data": [
{
"version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
}
]
}
},
{
"product_name": "Enterprise Manager",
"version": {
"version_data": [
{
"version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
}
]
}
},
{
"product_name": "BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration",
"version": {
"version_data": [
{
"version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
}
]
}
},
{
"product_name": "iWorkflow",
"version": {
"version_data": [
{
"version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "sshd is vulnerable to DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038363"
},
{
"name": "https://support.f5.com/csp/article/K92140924",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K92140924"
},
{
"name": "1038362",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6128",
"datePublished": "2017-05-01T15:00:00",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}