F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K00363258)
Medium Nessus Plugin ID 118614
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionA local file vulnerability exists in the BIG-IP Configuration utility that exposes files containing F5-provided data only, and do not include configuration data, proxied traffic, or other potentially sensitive customer data. (CVE-2018-5525)
Authenticated users may be able to retrieve files local to the BIG-IP system using the Configuration utility.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K00363258.