F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K20222812)
Medium Nessus Plugin ID 118638
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionWhen authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. (CVE-2018-15327)
BIG-IP and Enterprise Manager
This vulnerability allowsa privilege escalation for authenticated administrative users.
BIG-IQ, F5 iWorkflow, and Traffix SDC
There is no impact; these F5 products are not affected by this vulnerability.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K20222812.