vulnerability

F5 Networks: CVE-2018-5516: K37442533: TMOS Shell vulnerability CVE-2018-5516

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:M/Au:N/C:C/I:N/A:N)	Apr 30, 2018	May 1, 2018	Aug 23, 2024

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:N/A:N)

Published

Apr 30, 2018

Added

May 1, 2018

Modified

Aug 23, 2024

Description

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.

Solution

f5-big-ip-upgrade-latest

References

CVE-2018-5516
https://attackerkb.com/topics/CVE-2018-5516
URL-https://my.f5.com/manage/s/article/K37442533

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today