Vulnerability Details CVE-2018-5511
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.06
EPSS Ranking 90.2%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html
- https://support.f5.com/csp/article/K30500703
- https://www.exploit-db.com/exploits/46600/
- http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html
- https://support.f5.com/csp/article/K30500703
- https://www.exploit-db.com/exploits/46600/
Products affected by CVE-2018-5511
-
cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.0
-
cpe:2.3:a:f5:big-ip_analytics:13.0.0
-
cpe:2.3:a:f5:big-ip_analytics:13.1.0
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0
-
cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0
-
cpe:2.3:a:f5:big-ip_domain_name_system:13.1.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:13.0.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:13.1.0
-
cpe:2.3:a:f5:big-ip_enterprise_manager:3.1.1
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.0
-
cpe:2.3:a:f5:big-ip_link_controller:13.0.0
-
cpe:2.3:a:f5:big-ip_link_controller:13.1.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.0
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:13.0.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:13.1.0
-
cpe:2.3:a:f5:big-ip_websafe:13.0.0
-
cpe:2.3:a:f5:big-ip_websafe:13.1.0
-
cpe:2.3:a:vmware:workstation:14.1.5
-
cpe:2.3:a:vmware:workstation_player:15.0.2
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_10:1511
-
cpe:2.3:o:microsoft:windows_10:1607
-
cpe:2.3:o:microsoft:windows_10:1703
-
cpe:2.3:o:microsoft:windows_10:1709
-
cpe:2.3:o:microsoft:windows_10:1803
-
cpe:2.3:o:microsoft:windows_10:1809
-
cpe:2.3:o:microsoft:windows_10:1903
-
cpe:2.3:o:microsoft:windows_10:1909
-
cpe:2.3:o:microsoft:windows_10:2004
-
cpe:2.3:o:microsoft:windows_10:2019
-
cpe:2.3:o:microsoft:windows_10:20h2
-
cpe:2.3:o:microsoft:windows_10:21h1
-
cpe:2.3:o:microsoft:windows_10:21h2
-
cpe:2.3:o:microsoft:windows_10:22h2