Privilege escalation in BIG-IP - CVE-2018-15327

 

Published: November 12, 2018


Vulnerability identifier: #VU15797
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-15327
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: F5 Networks
Affected software:
BIG-IP

Detailed vulnerability description

The vulnerability allows a remote administrative attacker to gain elevated privileges on the target system.

The weakness exists due to improper privileges and access controls. When an authenticated administrative user runs commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

How to mitigate CVE-2018-15327

The vulnerability has been fixed in versions 14.0.0.3 and 13.1.1.2.

Sources