PT-2018-17013 · F5 · F5 Big-Ip
Publicado
2018-05-02
·
Atualizado
2019-10-03
·
CVE-2018-5519
CVSS v2.0
5.5
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 11.2.1 through 11.6.3.1
F5 BIG-IP versions 12.1.0 through 12.1.3.3
F5 BIG-IP versions 13.0.0 through 13.1.0.5
Description
Administrative users can exploit the ssldump utility to write to arbitrary file paths using undisclosed methods. This issue allows more permissive file access than intended for users without Advanced Shell access, such as those licensed for Appliance Mode.
Recommendations
For F5 BIG-IP versions 11.2.1 through 11.6.3.1, restrict access to the ssldump utility to minimize the risk of exploitation.
For F5 BIG-IP versions 12.1.0 through 12.1.3.3, consider disabling the ssldump utility until a patch is available.
For F5 BIG-IP versions 13.0.0 through 13.1.0.5, limit file access permissions to prevent arbitrary file path writing.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
F5 Big-Ip