Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for BIG-IQ Centralized Management by F5 Networks, Inc.

    CVE-2018-5540 (GCVE-0-2018-5540)

    Vulnerability from nvd – Published: 2018-07-19 14:00 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1041340 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K82038789 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/104920 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041341 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.601Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1041340",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041340"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K82038789"
              },
              {
                "name": "104920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104920"
              },
              {
                "name": "1041341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (DNS, GTM)",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0-13.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.6.0-11.6.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.5.1-11.5.6"
                }
              ]
            },
            {
              "product": "Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            },
            {
              "product": "BIG-IQ Centralized Management",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0-5.1.0"
                }
              ]
            },
            {
              "product": "BIG-IQ Cloud and Orchestration",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            },
            {
              "product": "F5 iWorkflow",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0-2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-31T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1041340",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041340"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K82038789"
            },
            {
              "name": "104920",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104920"
            },
            {
              "name": "1041341",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-07-18T00:00:00",
              "ID": "CVE-2018-5540",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (DNS, GTM)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0-13.0.1"
                              },
                              {
                                "version_value": "12.1.0-12.1.3.3"
                              },
                              {
                                "version_value": "11.6.0-11.6.3.1"
                              },
                              {
                                "version_value": "11.5.1-11.5.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Centralized Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0-5.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Cloud and Orchestration",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "F5 iWorkflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0-2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1041340",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041340"
                },
                {
                  "name": "https://support.f5.com/csp/article/K82038789",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K82038789"
                },
                {
                  "name": "104920",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104920"
                },
                {
                  "name": "1041341",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5540",
        "datePublished": "2018-07-19T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:23.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5516 (GCVE-0-2018-5516)

    Vulnerability from nvd – Published: 2018-05-02 13:00 – Updated: 2024-09-17 02:41
    VLAI
    Summary
    On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K37442533 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040800 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1040799 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-04-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.596Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K37442533"
              },
              {
                "name": "1040800",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040800"
              },
              {
                "name": "1040799",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040799"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0-13.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.1-11.6.3.1"
                }
              ]
            },
            {
              "product": "Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            },
            {
              "product": "BIG-IQ Centralized Management",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0-5.4.0"
                },
                {
                  "status": "affected",
                  "version": "4.6.0"
                }
              ]
            },
            {
              "product": "BIG-IQ Cloud and Orchestration",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            },
            {
              "product": "iWorkflow",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2-2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-04-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-03T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K37442533"
            },
            {
              "name": "1040800",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040800"
            },
            {
              "name": "1040799",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040799"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-04-30T00:00:00",
              "ID": "CVE-2018-5516",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0-13.1.0.5"
                              },
                              {
                                "version_value": "12.1.0-12.1.2"
                              },
                              {
                                "version_value": "11.2.1-11.6.3.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Centralized Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0-5.4.0"
                              },
                              {
                                "version_value": "4.6.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Cloud and Orchestration",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iWorkflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.2-2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K37442533",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K37442533"
                },
                {
                  "name": "1040800",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040800"
                },
                {
                  "name": "1040799",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040799"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5516",
        "datePublished": "2018-05-02T13:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:41:51.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6152 (GCVE-0-2017-6152)

    Vulnerability from nvd – Published: 2018-03-08 14:00 – Updated: 2024-09-16 17:28
    VLAI
    Summary
    A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K35195140 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/103441 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2018-03-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.783Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K35195140"
              },
              {
                "name": "103441",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103441"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IQ Centralized Management",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0-5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-20T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K35195140"
            },
            {
              "name": "103441",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103441"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-03-07T00:00:00",
              "ID": "CVE-2017-6152",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IQ Centralized Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0-5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K35195140",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K35195140"
                },
                {
                  "name": "103441",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103441"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6152",
        "datePublished": "2018-03-08T14:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:28:33.142Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5540 (GCVE-0-2018-5540)

    Vulnerability from cvelistv5 – Published: 2018-07-19 14:00 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1041340 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K82038789 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/104920 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041341 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.601Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1041340",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041340"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K82038789"
              },
              {
                "name": "104920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104920"
              },
              {
                "name": "1041341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (DNS, GTM)",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0-13.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.6.0-11.6.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.5.1-11.5.6"
                }
              ]
            },
            {
              "product": "Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            },
            {
              "product": "BIG-IQ Centralized Management",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0-5.1.0"
                }
              ]
            },
            {
              "product": "BIG-IQ Cloud and Orchestration",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            },
            {
              "product": "F5 iWorkflow",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0-2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-31T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1041340",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041340"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K82038789"
            },
            {
              "name": "104920",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104920"
            },
            {
              "name": "1041341",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-07-18T00:00:00",
              "ID": "CVE-2018-5540",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (DNS, GTM)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0-13.0.1"
                              },
                              {
                                "version_value": "12.1.0-12.1.3.3"
                              },
                              {
                                "version_value": "11.6.0-11.6.3.1"
                              },
                              {
                                "version_value": "11.5.1-11.5.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Centralized Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0-5.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Cloud and Orchestration",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "F5 iWorkflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0-2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1041340",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041340"
                },
                {
                  "name": "https://support.f5.com/csp/article/K82038789",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K82038789"
                },
                {
                  "name": "104920",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104920"
                },
                {
                  "name": "1041341",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5540",
        "datePublished": "2018-07-19T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:23.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5516 (GCVE-0-2018-5516)

    Vulnerability from cvelistv5 – Published: 2018-05-02 13:00 – Updated: 2024-09-17 02:41
    VLAI
    Summary
    On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K37442533 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040800 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1040799 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-04-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.596Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K37442533"
              },
              {
                "name": "1040800",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040800"
              },
              {
                "name": "1040799",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040799"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0-13.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.1-11.6.3.1"
                }
              ]
            },
            {
              "product": "Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            },
            {
              "product": "BIG-IQ Centralized Management",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0-5.4.0"
                },
                {
                  "status": "affected",
                  "version": "4.6.0"
                }
              ]
            },
            {
              "product": "BIG-IQ Cloud and Orchestration",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            },
            {
              "product": "iWorkflow",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2-2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-04-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-03T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K37442533"
            },
            {
              "name": "1040800",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040800"
            },
            {
              "name": "1040799",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040799"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-04-30T00:00:00",
              "ID": "CVE-2018-5516",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0-13.1.0.5"
                              },
                              {
                                "version_value": "12.1.0-12.1.2"
                              },
                              {
                                "version_value": "11.2.1-11.6.3.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Centralized Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0-5.4.0"
                              },
                              {
                                "version_value": "4.6.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Cloud and Orchestration",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iWorkflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.2-2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K37442533",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K37442533"
                },
                {
                  "name": "1040800",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040800"
                },
                {
                  "name": "1040799",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040799"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5516",
        "datePublished": "2018-05-02T13:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:41:51.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6152 (GCVE-0-2017-6152)

    Vulnerability from cvelistv5 – Published: 2018-03-08 14:00 – Updated: 2024-09-16 17:28
    VLAI
    Summary
    A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K35195140 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/103441 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2018-03-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.783Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K35195140"
              },
              {
                "name": "103441",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103441"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IQ Centralized Management",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0-5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-20T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K35195140"
            },
            {
              "name": "103441",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103441"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-03-07T00:00:00",
              "ID": "CVE-2017-6152",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IQ Centralized Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0-5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K35195140",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K35195140"
                },
                {
                  "name": "103441",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103441"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6152",
        "datePublished": "2018-03-08T14:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:28:33.142Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }