CVE-2018-5540

Published: Jul 19, 2018Modified: Nov 21, 2024

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.

Affected (12)

Products: F5: Big Ip Domain Name System, Big Ip Global Traffic Manager, Enterprise Manager, Big Iq Centralized Management, Big Iq Cloud And Orchestration, F5 Iworkflow

6 products

Big Ip Domain Name System

Big Ip Global Traffic Manager

Enterprise Manager

Big Iq Centralized Management

Big Iq Cloud And Orchestration

F5 Iworkflow

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Domain Name System	From 11.5.1 to 11.5.6
F5 Big Ip Domain Name System	From 11.6.0 to 11.6.3.1
F5 Big Ip Domain Name System	From 12.1.0 to 12.1.3.3
F5 Big Ip Domain Name System	From 13.0.0 to 13.0.1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Global Traffic Manager	From 11.5.1 to 11.5.6
F5 Big Ip Global Traffic Manager	From 11.6.0 to 11.6.3.1
F5 Big Ip Global Traffic Manager	From 12.1.0 to 12.1.3.3
F5 Big Ip Global Traffic Manager	From 13.0.0 to 13.0.1