fkie_cve-2018-5519
Vulnerability from fkie_nvd
Published
2018-05-02 13:29
Modified
2024-11-21 04:08
Severity ?
Summary
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | http://www.securitytracker.com/id/1040803 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K46121888 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040803 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K46121888 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16F3D25A-7050-4A98-B3B5-3539FCC417AE",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD4DFE3-9071-4808-AE24-2CCA5DB5BA80",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16ED5-2E19-4DC5-8F1D-2197D7CFEEBB",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35519CB7-C6BD-4EBF-A75F-03A5D2B9153C",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D00EED-F95D-4458-BDC4-3390DE85348B",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69B575F8-F179-4648-A6AD-6F1C655A027A",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4049C7FF-FAE6-4377-98F9-7375D180B232",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5011C2D-FBB5-4117-BB97-11DE70117345",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59E3934C-1BAA-4193-923E-33D515F7D9EA",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64CAD197-79F4-41AE-956C-D23DCA556A52",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79344F94-2CB8-4F08-9373-61614A38476C",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "573D868C-4560-4268-8F0E-4BC6EC5D0B4C",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC26EC47-DB01-45B3-BD47-848B73334A99",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB42D3A-71EE-4367-9F65-86404D74E59D",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3331F4E7-A17F-41E2-B3FD-0F212626858D",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAD0B3C-4E3B-48F1-84E1-E92BE40A657F",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "397AC4A5-B67C-483B-84F7-8CB294BB460C",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41A8A1C4-E425-40BD-B884-527E7CC62D24",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "586A9AE0-4417-4412-B573-73217F82FF73",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A11E433-943D-4D92-B45E-3FA268094278",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F2CDD8C-0D75-4E3B-8E21-BC90C7574534",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2392B92F-B2A5-4548-AB20-3142D5EADE8E",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57CCB85A-6F90-4DB7-B0F8-AE5250E1DCFE",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555AC906-C7E8-4E85-8453-498ED7B7205F",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B30938E-E843-4D52-8EFC-19107BCDB1D9",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60189636-02D6-44CA-BE2A-7777E3C409CD",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3360351A-9D4F-410A-BB15-44C92326ED64",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E91FA1C5-2FC4-49F7-9AF7-A6BD446BFA2E",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD75094-3248-4D37-969E-75272F6F31D6",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBF24E5-6B40-4022-B481-98E4082839A1",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "205B6399-2EA9-44C0-8ED7-06B3EE724AC2",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7860523-E8B3-4BEE-853A-6F0B5BCDDA5A",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1643B722-2B02-4C64-82DD-19788D75BC3F",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF51DAA-0400-4186-BBF3-8784A9C6FE6D",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "937055BD-53FC-4D8E-B965-D676AA5ABA4C",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8105D615-8A59-466A-8369-9AFDAE2AFA61",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB9039C-8ACE-4D9B-B90E-D593512A1E30",
"versionEndIncluding": "11.6.3",
"versionStartIncluding": "11.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1466F808-2596-4028-8884-27EDD5CACB47",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5769F2A-FF74-4B40-B25F-B419DBDEECB6",
"versionEndIncluding": "13.1.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended."
},
{
"lang": "es",
"value": "En F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3 o 11.2.1-11.6.3.1, los usuarios administrativos pueden explotar la utilidad ssldump por medio de m\u00e9todos no revelados para escribir en rutas de archivos arbitrarias. Para los usuarios que no tienen acceso Advanced Shell (por ejemplo, cualquier usuario cuando est\u00e1 licenciado para el modo appliance), esto permite un acceso a los archivos m\u00e1s permisivo de lo esperado."
}
],
"id": "CVE-2018-5519",
"lastModified": "2024-11-21T04:08:58.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-02T13:29:00.803",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040803"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K46121888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K46121888"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…