Lucene search
F5CVELIST:CVE-2018-5516HistoryMay 02, 2018 - 1:00 p.m.
CVE-2018-5516
2018-05-0213:00:00
f5
www.cve.org
5
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
CNA Affected
[
{
"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0-13.1.0.5"
},
{
"status": "affected",
"version": "12.1.0-12.1.2"
},
{
"status": "affected",
"version": "11.2.1-11.6.3.1"
}
]
},
{
"product": "Enterprise Manager",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "3.1.1"
}
]
},
{
"product": "BIG-IQ Centralized Management",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0-5.4.0"
},
{
"status": "affected",
"version": "4.6.0"
}
]
},
{
"product": "BIG-IQ Cloud and Orchestration",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
},
{
"product": "iWorkflow",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "2.0.2-2.3.0"
}
]
}
]Related
prion
prion
Code injection
2018-05-02 13:29:00
nessus
nessus
F5 Networks BIG-IP : TMOS Shell vulnerability (K37442533)
2018-11-02 00:00:00
F5 Networks BIG-IP : TMOS Shell vulnerability (K21711352)
2020-05-01 00:00:00
nvd
nvd
CVE-2018-5516
2018-05-02 13:29:00
cve
cve
CVE-2018-5516
2018-05-02 13:29:00
f5
f5
K37442533 : TMOS Shell vulnerability CVE-2018-5516
2018-04-30 00:00:00
K21711352 : TMOS Shell vulnerability CVE-2019-19151
2019-12-20 00:00:00