PT-2018-17017 · F5 · F5 Big-Ip+1

Published: 2018-06-01 · Updated: 2019-10-03 · CVE-2018-5523

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP versions 11.2.1, 11.5.1 through 11.5.5, 11.6.1 through 11.6.3.1, 12.1.0 through 12.1.3.1, 13.0.0, 13.1.0 through 13.1.0.3
Enterprise Manager version 3.1.1

Description

The issue affects authenticated administrative users who run commands in the Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. Restrictions on allowed commands may not be enforced, potentially leading to unauthorized actions.

Recommendations

For F5 BIG-IP versions 11.2.1, 11.5.1 through 11.5.5, 11.6.1 through 11.6.3.1, 12.1.0 through 12.1.3.1, 13.0.0, 13.1.0 through 13.1.0.3, consider restricting access to the TMUI to minimize the risk of exploitation. For Enterprise Manager version 3.1.1, restrict access to the TMUI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2018-5523

Affected Products

Enterprise Manager
F5 Big-Ip