CVE-2018-5511

Published Apr 13, 2018
Last updated 3 days ago
CVSS high 7.2
Overview

Description: On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
Source: f5sirt@f5.com
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-470
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DD7E85A-BE85-4CA1-B9CB-0888735EA132"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "074CB0CC-E7CD-402E-9EFD-954DAB79D68B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76EAD6EA-811F-4193-A83D-E70A9A53AFC0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D536A57-C7DB-4CE1-AE13-254C650343A6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5491BC3C-EE0C-43FA-B870-BBF9FC4FADB2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5FDBD38-369B-4007-8D9A-B65B83B2AABD"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D3374BE-6A37-48B5-83D4-D61558A8433E"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA7714D5-C0B3-42E0-9F33-C52A93472D04"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB414A2A-AA17-4137-8881-9B7BAFA5E918"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06A1E194-8FBF-4546-B8D6-6C3B9B142401"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0948894-8098-4532-9E4A-9491E3761C95"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E703FAB-BFCD-47A1-94BD-DD63879DE883"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FE647AD-9B1C-4C8F-9374-9E06677AFF2D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_websafe:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B4CB875-6B18-4EA7-8948-189F0130CF1F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F2F72B2-84F2-4FA2-9B53-E98344235EB6"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FAFAF12-3981-4180-9C2C-994B93DACFCB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_enterprise_manager:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADE47FF9-E13D-41D3-BEA2-EF1B973CB0A9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:workstation:14.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF42475C-4684-4EBE-B228-718967A6F650"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:workstation_player:15.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "577BAFEB-BC5C-407B-B9D2-0ECD0FE1C946"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
