F5 Networks BIG-IP : Appliance mode tmsh access vulnerability (K02043709)
Low Nessus Plugin ID 118616
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionOn a BIG-IP system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. (CVE-2018-5520)
Note : Appliance mode is designed to meet the needs of customers in especially sensitive sectors by limiting the BIG-IP system administrative access to match that of a typical network appliance and not a multi-user UNIX device. When a BIG-IP system is configured in Appliance mode, the Advanced Shell ( bash ) access to the file system is restricted. For information about Appliance mode, refer to K12815:
Overview of Appliance mode.
This vulnerability allows unauthorized disclosure of information.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K02043709.