F5 Networks BIG-IP : tmsh utility vulnerability (K28003839)
High Nessus Plugin ID 118650
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionA BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the editcli preference commandand proceeds to savethe changes to another filename repeatedly. This actionutilizes storage space on the /var partition and when performed repeatedly causes the /var partition to befull. (CVE-2018-15322)
BIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow
The BIG-IP system experiences a denial-of-service (DoS) attack until the storage space on the /var partition returns to normal. This vulnerability also applies to a BIG-IP system running in Appliance mode if it is configured to grant a BIG-IP user with TMOS Shell ( tmsh ) access.
There is no impact; this F5 product is not affected by this vulnerability.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K28003839.