CVE-2018-15328 vulnerability in F5 Networks Products
Published on December 12, 2018
On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files.
Products Associated with CVE-2018-15328
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-15328 are published in these products:
Affected Versions
F5 Networks, Inc. BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), Enterprise Manager, BIG-IQ Centralized Management, F5 iWorkflow:- Version BIG-IP 14.0.x, 13.x, 12.x, 11.x is affected.
- Version EM 3.1.1 is affected.
- Version BIG-IQ 6.x, 5.x, 4.x is affected.
- Version iWorkflow 2.x is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.