Detections
Analytics
F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K20222812)
high Nessus Plugin ID 118638
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
When authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. (CVE-2018-15327)Impact
BIG-IP and Enterprise Manager
This vulnerability allowsa privilege escalation for authenticated administrative users.
BIG-IQ, F5 iWorkflow, and Traffix SDC
There is no impact; these F5 products are not affected by this vulnerability.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K20222812.See Also
Plugin Details
Severity: High
ID: 118638
File Name: f5_bigip_SOL20222812.nasl
Version: 1.8
Type: local
Published: 11/2/2018
Updated: 11/3/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2018-15327
CVSS v3
Risk Factor: High
Base Score: 7.2
Temporal Score: 6.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_domain_name_system, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_webaccelerator, cpe:/h:f5:big-ip
Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version
Exploit Ease: No known exploits are available
Patch Publication Date: 10/30/2018
Vulnerability Publication Date: 10/31/2018
Reference Information
CVE: CVE-2018-15327