CVE-2018-5516 vulnerability in F5 Networks Products
Published on May 2, 2018
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
Products Associated with CVE-2018-5516
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-5516 are published in these products:
Affected Versions
F5 Networks, Inc. BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe):- Version 13.0.0-13.1.0.5 is affected.
- Version 12.1.0-12.1.2 is affected.
- Version 11.2.1-11.6.3.1 is affected.
- Version 3.1.1 is affected.
- Version 5.0.0-5.4.0 is affected.
- Version 4.6.0 is affected.
- Version 1.0.0 is affected.
- Version 2.0.2-2.3.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.