Vulnerability Name:

CVE-2018-5516 (CCN-142672)

Assigned:2018-05-01
Published:2018-05-01
Updated:2019-10-03
Summary:On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
CVSS v3 Severity:4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.7 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-732
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2018-5516

Source: CCN
Type: SECTRACK ID: 1040799
F5 Enterprise Manager Flaw in TMOS Shell Lets Remote Authenticated Low-Privileged Users Obtain Potentially Sensitive Information

Source: CCN
Type: SECTRACK ID: 1040800
F5 BIG-IP Flaw in TMOS Shell Lets Remote Authenticated Low-Privileged Users Obtain Potentially Sensitive Information

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1040799

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1040800

Source: XF
Type: UNKNOWN
f5-cve20185516-info-disc(142672)

Source: CCN
Type: F5 Security Advisory K37442533
TMOS Shell vulnerability CVE-2018-5516

Source: CONFIRM
Type: Vendor Advisory
https://support.f5.com/csp/article/K37442533

Vulnerable Configuration:Configuration 1:
  • cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 2:
  • cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 3:
  • cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 4:
  • cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 5:
  • cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 6:
  • cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 7:
  • cpe:/a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 8:
  • cpe:/a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 9:
  • cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 10:
  • cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 11:
  • cpe:/a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 12:
  • cpe:/a:f5:big-ip_websafe:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_websafe:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_websafe:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 13:
  • cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 11.2.1 and <= 11.6.3)
  • OR cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 12.1.0 and <= 12.1.2)
  • OR cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.0)

    • Configuration 14:
  • cpe:/a:f5:big-ip_enterprise_manager:3.1.1:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* (Version >= 5.0.0 and <= 5.4.0)

    • Configuration 16:
  • cpe:/a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*

    • Configuration 17:
  • cpe:/a:f5:f5_iworkflow:*:*:*:*:*:*:*:* (Version >= 2.0.2 and <= 2.3.0)

    • Configuration CCN 1:
  • cpe:/a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip:12.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip:13.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip:12.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip:13.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip:11.6.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_centralized_management:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_centralized_management:5.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:iworkflow:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    f5 big-ip local traffic manager *
    f5 big-ip local traffic manager *
    f5 big-ip local traffic manager *
    f5 big-ip application acceleration manager *
    f5 big-ip application acceleration manager *
    f5 big-ip application acceleration manager *
    f5 big-ip advanced firewall manager *
    f5 big-ip advanced firewall manager *
    f5 big-ip advanced firewall manager *
    f5 big-ip analytics *
    f5 big-ip analytics *
    f5 big-ip analytics *
    f5 big-ip access policy manager *
    f5 big-ip access policy manager *
    f5 big-ip access policy manager *
    f5 big-ip application security manager *
    f5 big-ip application security manager *
    f5 big-ip application security manager *
    f5 big-ip edge gateway *
    f5 big-ip edge gateway *
    f5 big-ip edge gateway *
    f5 big-ip global traffic manager *
    f5 big-ip global traffic manager *
    f5 big-ip global traffic manager *
    f5 big-ip link controller *
    f5 big-ip link controller *
    f5 big-ip link controller *
    f5 big-ip policy enforcement manager *
    f5 big-ip policy enforcement manager *
    f5 big-ip policy enforcement manager *
    f5 big-ip webaccelerator *
    f5 big-ip webaccelerator *
    f5 big-ip webaccelerator *
    f5 big-ip websafe *
    f5 big-ip websafe *
    f5 big-ip websafe *
    f5 big-ip domain name system *
    f5 big-ip domain name system *
    f5 big-ip domain name system *
    f5 big-ip enterprise manager 3.1.1
    f5 big-iq centralized management 4.6.0
    f5 big-iq centralized management *
    f5 big-iq cloud and orchestration 1.0.0
    f5 f5 iworkflow *
    f5 enterprise manager 3.1.1
    f5 big-ip 12.0.0
    f5 big-ip 12.1.2
    f5 big-ip 13.0.0
    f5 big-ip 12.1.1
    f5 big-ip 13.1.0.5
    f5 big-ip 11.6.3.1
    f5 big-iq centralized management 5.0.0
    f5 big-iq centralized management 5.4.0
    f5 big-iq cloud and orchestration 1.0.0
    f5 big-iq centralized management 4.6.0
    f5 iworkflow 2.0.2
    f5 iworkflow 2.3.0