1. Home
  2. CVE Database
  3. CVE-2018-5520
MEDIUM · 4.4

CVE-2018-5520

On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthor...

Vulnerability Description

On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.

CVSS Score

4.4

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
F5Big-Ip Local Traffic Manager>= 11.2.1, <= 11.6.3
F5Big-Ip Application Acceleration Manager>= 11.2.1, <= 11.6.3
F5Big-Ip Advanced Firewall Manager>= 11.2.1, <= 11.6.3
F5Big-Ip Analytics>= 11.2.1, <= 11.6.3
F5Big-Ip Access Policy Manager>= 11.2.1, <= 11.6.3
F5Big-Ip Application Security Manager>= 11.2.1, <= 11.6.3
F5Big-Ip Edge Gateway>= 11.2.1, <= 11.6.3
F5Big-Ip Global Traffic Manager>= 11.2.1, <= 11.6.3
F5Big-Ip Link Controller>= 11.2.1, <= 11.6.3
F5Big-Ip Policy Enforcement Manager>= 11.2.1, <= 11.6.3
F5Big-Ip Webaccelerator>= 11.2.1, <= 11.6.3
F5Big-Ip Websafe>= 11.2.1, <= 11.6.3
F5Big-Ip Domain Name System>= 11.2.1, <= 11.6.3

Related Weaknesses (CWE)

CWE-863

References

FAQ

What is CVE-2018-5520?

CVE-2018-5520 is a vulnerability with a CVSS score of 4.4 (MEDIUM). On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthor...

How severe is CVE-2018-5520?

CVE-2018-5520 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-5520?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.