CVE-2018-15321 — MEDIUM (4.9)

Q: How severe is CVE-2018-15321?

CVE-2018-15321 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-15321?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.

Vulnerability Description

When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.

CVSS Score

4.9

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
F5	Big-Ip Local Traffic Manager	>= 11.2.1, <= 11.5.6
F5	Big-Ip Advanced Firewall Manager	>= 11.2.1, <= 11.5.6
F5	Big-Ip Application Acceleration Manager	>= 11.2.1, <= 11.5.6
F5	Big-Ip Analytics	>= 11.2.1, <= 11.5.6
F5	Big-Ip Access Policy Manager	>= 11.2.1, <= 11.5.6
F5	Big-Ip Protocol Security Module	>= 11.2.1, <= 11.5.6
F5	Big-Ip Domain Name System	>= 11.2.1, <= 11.5.6
F5	Big-Ip Edge Gateway	>= 11.2.1, <= 11.5.6
F5	Big-Ip Fraud Protection Service	>= 11.2.1, <= 11.5.6
F5	Big-Ip Global Traffic Manager	>= 11.2.1, <= 11.5.6
F5	Big-Ip Link Controller	>= 11.2.1, <= 11.5.6
F5	Big-Ip Policy Enforcement Manager	>= 11.2.1, <= 11.5.6
F5	Big-Ip Webaccelerator	>= 11.2.1, <= 11.5.6
F5	Enterprise Manager	3.1.1
F5	Big-Iq Centralized Management	>= 5.0.0, <= 5.4.0
F5	Big-Iq Cloud And Orchestration	1.0.0
F5	Iworkflow	>= 2.1.0, <= 2.3.0

Related Weaknesses (CWE)

CWE-269

References

https://support.f5.com/csp/article/K01067037MitigationVendor Advisory
https://support.f5.com/csp/article/K01067037MitigationVendor Advisory

FAQ

What is CVE-2018-15321?

CVE-2018-15321 is a vulnerability with a CVSS score of 4.9 (MEDIUM). When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2....

How severe is CVE-2018-15321?

CVE-2018-15321 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-15321?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.