CVE-2018-5516

Published: 02/05/2018 | Updated: 03/10/2019
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 418
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system that tmsh restrictions would normally disallow. This allows authenticated, low-privileged malicious users to exfiltrate file system objects that they should not be able to access.

Affected Products

Vendor | Product | Versions
F5 | Big-ip Access Policy Manager | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.0.0, 13.0.1, 13.1.0
F5 | Big-ip Advanced Firewall Manager | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.1, 13.1.0
F5 | Big-ip Analytics | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.1, 13.1.0
F5 | Big-ip Application Acceleration Manager | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.1, 13.1.0
F5 | Big-ip Application Security Manager | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.1, 13.1.0
F5 | Big-ip Domain Name System | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.1, 13.1.0
F5 | Big-ip Edge Gateway | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.1, 13.1.0
F5 | Big-ip Enterprise Manager | 3.1.1
F5 | Big-ip Global Traffic Manager | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.1, 13.1.0
F5 | Big-ip Link Controller | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.1, 13.1.0
F5 | Big-ip Local Traffic Manager | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.1, 13.1.0
F5 | Big-ip Policy Enforcement Manager | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.1, 13.1.0
F5 | Big-ip Webaccelerator | 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.1, 13.1.0
F5 | Big-ip Websafe | 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.6.0, 11.6.1, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.1.0
F5 | Big-iq Centralized Management | 4.6.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.4.0
F5 | Big-iq Cloud And Orchestration | 1.0.0