K54843525 : BIG-IP AAM DCDB vulnerability CVE-2018-15331

2018-12-2000:00:00

my.f5.com

0.001 Low

EPSS

Percentile

27.3%

JSON

Security Advisory Description

The dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. (CVE-2018-15331)

Impact

This issue does not have a direct exploit, but may be used to leverage attacks against the BIG-IP system by way of the AAM module.

Thedcdb_convertbinary is typically run manually to update the capabilities database. The risk of exploitation is from downloading a malformed capabilities database, which includes an exploit and running it through the dcdb_convert utility.

CPENameOperatorVersion
big-iq centralized managementeq4.6.0
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-ip afmeq11.5.1
big-ip afmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	4.6.0
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2

Rows per page:

1-10 of 2171

0.001 Low

EPSS

Percentile

27.3%

JSON

Related for F5:K54843525