F5 Networks BIG-IP : big3d vulnerability (K82038789)

Nessus Plugin ID 118700 (Severity: Low)

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The big3d process does not irrevocably minimize group privileges at startup. (CVE-2018-5540)

Impact

There is no known attack vector, but if the big3d process is compromised, it is possible for the process to regain the group privileges it was launched with.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K82038789.

See Also

https://support.f5.com/csp/#/article/K82038789

Plugin Details

Severity: Low

ID: 118700

File Name: f5_bigip_SOL82038789.nasl

Version: 1.1

Type: local

Published: 2018/11/02

Modified: 2018/11/02

Dependencies: 76940

Risk Information

Risk Factor: Low

CVSS v2.0

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 4.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/a:f5:big-ip_global_traffic_manager, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Patch Publication Date: 2018/07/18

Reference Information

CVE: CVE-2018-5540