Vulnerability Name: CVE-2018-5519 (CCN-142681)
Assigned: 2018-05-02
Published: 2018-05-02
Updated: 2019-10-03
Summary: On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.
CVSS v3 Severity:
4.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)
4.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: 5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P)
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Bypass Security
References:
Source: MITRE Type: CNA CVE-2018-5519
Source: CCN Type: SECTRACK ID: 1040803 F5 BIG-IP ssldump Lets Remote Authenticated Users Modify Files on the Target System
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1040803
Source: XF Type: UNKNOWN f5-cve20185519-sec-bypass(142681)
Source: CCN Type: F5 Security Advisory K46121888 ssldump vulnerability CVE-2018-5519
Source: CONFIRM Type: Vendor Advisory https://support.f5.com/csp/article/K46121888