CVE-2018-5519 (GCVE-0-2018-5519)

Vulnerability from cvelistv5 – Published: 2018-05-02 13:00 – Updated: 2024-09-16 22:51
VLAI?
Summary
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.
Severity ?
No CVSS data available.
CWE
  • Privilege escalation
Assigner
f5
References
Impacted products
Vendor Product Version
F5 Networks, Inc. BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) Affected: 13.0.0-13.1.0.5
Affected: 12.1.0-12.1.3.3
Affected: 11.2.1-11.6.3.1
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:40:50.629Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040803",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040803"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K46121888"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
          "vendor": "F5 Networks, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "13.0.0-13.1.0.5"
            },
            {
              "status": "affected",
              "version": "12.1.0-12.1.3.3"
            },
            {
              "status": "affected",
              "version": "11.2.1-11.6.3.1"
            }
          ]
        }
      ],
      "datePublic": "2018-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-03T09:57:01",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "name": "1040803",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040803"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K46121888"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "DATE_PUBLIC": "2018-04-30T00:00:00",
          "ID": "CVE-2018-5519",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "13.0.0-13.1.0.5"
                          },
                          {
                            "version_value": "12.1.0-12.1.3.3"
                          },
                          {
                            "version_value": "11.2.1-11.6.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "F5 Networks, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040803",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040803"
            },
            {
              "name": "https://support.f5.com/csp/article/K46121888",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K46121888"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2018-5519",
    "datePublished": "2018-05-02T13:00:00Z",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-09-16T22:51:17.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"16F3D25A-7050-4A98-B3B5-3539FCC417AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"2CD4DFE3-9071-4808-AE24-2CCA5DB5BA80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"9EC16ED5-2E19-4DC5-8F1D-2197D7CFEEBB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"35519CB7-C6BD-4EBF-A75F-03A5D2B9153C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"E5D00EED-F95D-4458-BDC4-3390DE85348B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"69B575F8-F179-4648-A6AD-6F1C655A027A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"4049C7FF-FAE6-4377-98F9-7375D180B232\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"E5011C2D-FBB5-4117-BB97-11DE70117345\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"59E3934C-1BAA-4193-923E-33D515F7D9EA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"64CAD197-79F4-41AE-956C-D23DCA556A52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"79344F94-2CB8-4F08-9373-61614A38476C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"573D868C-4560-4268-8F0E-4BC6EC5D0B4C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"AC26EC47-DB01-45B3-BD47-848B73334A99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"6BB42D3A-71EE-4367-9F65-86404D74E59D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"3331F4E7-A17F-41E2-B3FD-0F212626858D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"5DAD0B3C-4E3B-48F1-84E1-E92BE40A657F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"397AC4A5-B67C-483B-84F7-8CB294BB460C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"41A8A1C4-E425-40BD-B884-527E7CC62D24\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"586A9AE0-4417-4412-B573-73217F82FF73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"6A11E433-943D-4D92-B45E-3FA268094278\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"4F2CDD8C-0D75-4E3B-8E21-BC90C7574534\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"2392B92F-B2A5-4548-AB20-3142D5EADE8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"57CCB85A-6F90-4DB7-B0F8-AE5250E1DCFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"555AC906-C7E8-4E85-8453-498ED7B7205F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"6B30938E-E843-4D52-8EFC-19107BCDB1D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"60189636-02D6-44CA-BE2A-7777E3C409CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"3360351A-9D4F-410A-BB15-44C92326ED64\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"E91FA1C5-2FC4-49F7-9AF7-A6BD446BFA2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"5AD75094-3248-4D37-969E-75272F6F31D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"6FBF24E5-6B40-4022-B481-98E4082839A1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"205B6399-2EA9-44C0-8ED7-06B3EE724AC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"E7860523-E8B3-4BEE-853A-6F0B5BCDDA5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"1643B722-2B02-4C64-82DD-19788D75BC3F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"CDF51DAA-0400-4186-BBF3-8784A9C6FE6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"937055BD-53FC-4D8E-B965-D676AA5ABA4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"8105D615-8A59-466A-8369-9AFDAE2AFA61\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.1\", \"versionEndIncluding\": \"11.6.3\", \"matchCriteriaId\": \"6AB9039C-8ACE-4D9B-B90E-D593512A1E30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.3\", \"matchCriteriaId\": \"1466F808-2596-4028-8884-27EDD5CACB47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.0\", \"matchCriteriaId\": \"B5769F2A-FF74-4B40-B25F-B419DBDEECB6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.\"}, {\"lang\": \"es\", \"value\": \"En F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3 o 11.2.1-11.6.3.1, los usuarios administrativos pueden explotar la utilidad ssldump por medio de m\\u00e9todos no revelados para escribir en rutas de archivos arbitrarias. Para los usuarios que no tienen acceso Advanced Shell (por ejemplo, cualquier usuario cuando est\\u00e1 licenciado para el modo appliance), esto permite un acceso a los archivos m\\u00e1s permisivo de lo esperado.\"}]",
      "id": "CVE-2018-5519",
      "lastModified": "2024-11-21T04:08:58.890",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:P\", \"baseScore\": 5.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-05-02T13:29:00.803",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1040803\", \"source\": \"f5sirt@f5.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.f5.com/csp/article/K46121888\", \"source\": \"f5sirt@f5.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1040803\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.f5.com/csp/article/K46121888\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "f5sirt@f5.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-5519\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2018-05-02T13:29:00.803\",\"lastModified\":\"2024-11-21T04:08:58.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.\"},{\"lang\":\"es\",\"value\":\"En F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3 o 11.2.1-11.6.3.1, los usuarios administrativos pueden explotar la utilidad ssldump por medio de m\u00e9todos no revelados para escribir en rutas de archivos arbitrarias. Para los usuarios que no tienen acceso Advanced Shell (por ejemplo, cualquier usuario cuando est\u00e1 licenciado para el modo appliance), esto permite un acceso a los archivos m\u00e1s permisivo de lo esperado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:P\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"16F3D25A-7050-4A98-B3B5-3539FCC417AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"2CD4DFE3-9071-4808-AE24-2CCA5DB5BA80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"9EC16ED5-2E19-4DC5-8F1D-2197D7CFEEBB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"35519CB7-C6BD-4EBF-A75F-03A5D2B9153C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"E5D00EED-F95D-4458-BDC4-3390DE85348B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"69B575F8-F179-4648-A6AD-6F1C655A027A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"4049C7FF-FAE6-4377-98F9-7375D180B232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"E5011C2D-FBB5-4117-BB97-11DE70117345\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"59E3934C-1BAA-4193-923E-33D515F7D9EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"64CAD197-79F4-41AE-956C-D23DCA556A52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"79344F94-2CB8-4F08-9373-61614A38476C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"573D868C-4560-4268-8F0E-4BC6EC5D0B4C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"AC26EC47-DB01-45B3-BD47-848B73334A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"6BB42D3A-71EE-4367-9F65-86404D74E59D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"3331F4E7-A17F-41E2-B3FD-0F212626858D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"5DAD0B3C-4E3B-48F1-84E1-E92BE40A657F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"397AC4A5-B67C-483B-84F7-8CB294BB460C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"41A8A1C4-E425-40BD-B884-527E7CC62D24\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"586A9AE0-4417-4412-B573-73217F82FF73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"6A11E433-943D-4D92-B45E-3FA268094278\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"4F2CDD8C-0D75-4E3B-8E21-BC90C7574534\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"2392B92F-B2A5-4548-AB20-3142D5EADE8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"57CCB85A-6F90-4DB7-B0F8-AE5250E1DCFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"555AC906-C7E8-4E85-8453-498ED7B7205F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"6B30938E-E843-4D52-8EFC-19107BCDB1D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"60189636-02D6-44CA-BE2A-7777E3C409CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"3360351A-9D4F-410A-BB15-44C92326ED64\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"E91FA1C5-2FC4-49F7-9AF7-A6BD446BFA2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"5AD75094-3248-4D37-969E-75272F6F31D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"6FBF24E5-6B40-4022-B481-98E4082839A1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"205B6399-2EA9-44C0-8ED7-06B3EE724AC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"E7860523-E8B3-4BEE-853A-6F0B5BCDDA5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"1643B722-2B02-4C64-82DD-19788D75BC3F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"CDF51DAA-0400-4186-BBF3-8784A9C6FE6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"937055BD-53FC-4D8E-B965-D676AA5ABA4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"8105D615-8A59-466A-8369-9AFDAE2AFA61\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.1\",\"versionEndIncluding\":\"11.6.3\",\"matchCriteriaId\":\"6AB9039C-8ACE-4D9B-B90E-D593512A1E30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.3\",\"matchCriteriaId\":\"1466F808-2596-4028-8884-27EDD5CACB47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.0\",\"matchCriteriaId\":\"B5769F2A-FF74-4B40-B25F-B419DBDEECB6\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1040803\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.f5.com/csp/article/K46121888\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1040803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.f5.com/csp/article/K46121888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.