PT-2018-12979 · F5 · Big-Ip

Published 2018-12-28 · Updated 2019-10-23 · CVE-2018-15333

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP versions 11.2.1 and greater

Description

The issue allows a BIG-IP system's user with any role, including the Guest Role, to access and download previously generated snapshot files, such as QKView and TCPDumps, through unrestricted Snapshot File Access in the BIG-IP configuration utility.

Recommendations

For versions 11.2.1 and greater, restrict access to the Snapshot File Access feature to minimize the risk of unauthorized access to sensitive files. Consider limiting the roles that can access snapshot files to only those that require it, and remove access for the Guest Role.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2018-15333

Affected Products

Big-Ip