PT-2018-12966 · F5 · F5 Big-Iq Centralized Management+4

Published 2018-10-31 · Updated 2019-10-03 · CVE-2018-15321

CVSS v2.0: 5.5 Medium

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP versions 14.0.0 through 14.0.0.2
F5 BIG-IP versions 13.0.0 through 13.1.0.5
F5 BIG-IP versions 12.1.0 through 12.1.3.5
F5 BIG-IP versions 11.6.0 through 11.6.3.2
F5 BIG-IP versions 11.2.1 through 11.5.6
F5 BIG-IQ Centralized Management versions 5.0.0 through 5.4.0
F5 BIG-IQ Centralized Management version 4.6.0
F5 BIG-IQ Cloud and Orchestration version 1.0.0
F5 iWorkflow versions 2.1.0 through 2.3.0
F5 Enterprise Manager version 3.1.1

Description

When the system is licensed for Appliance Mode, high-privilege attackers can bypass security controls and overwrite critical system files. Users with the Admin or Resource administrator role can bypass the BIG-IP Appliance Mode restrictions. The attack requires TMSH access, so a Resource administrator can perform it when that role has TMSH access.

Recommendations

For F5 BIG-IP versions 14.0.0 through 14.0.0.2, consider restricting TMSH access to prevent critical system files from being overwritten.
For F5 BIG-IP versions 13.0.0 through 13.1.0.5, restrict TMSH access for Resource administrator roles to minimize the risk of exploitation.
For F5 BIG-IP versions 12.1.0 through 12.1.3.5, limit the ability of Admin and Resource administrator roles to overwrite critical system files.
For F5 BIG-IP versions 11.6.0 through 11.6.3.2, remove TMSH access from Resource administrator roles to prevent bypassing of security controls.
For F5 BIG-IP versions 11.2.1 through 11.5.6, restrict access to critical system files for high-privilege attackers.
For F5 BIG-IQ Centralized Management versions 5.0.0 through 5.4.0, consider disabling TMSH access for Resource administrator roles.
For F5 BIG-IQ Centralized Management version 4.6.0, restrict TMSH access to prevent exploitation.
For F5 BIG-IQ Cloud and Orchestration version 1.0.0, limit the ability of attackers to overwrite critical system files.
For F5 iWorkflow versions 2.1.0 through 2.3.0, remove TMSH access from Resource administrator roles.
For F5 Enterprise Manager version 3.1.1, consider restricting TMSH access to prevent critical system files from being overwritten.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2018-15321

Affected Products

F5 Big-Ip
F5 Big-Iq Centralized Management
F5 Big-Iq Cloud/Orchestration
F5 Enterprise Manager
F5 Iworkflow