CVE-2018-15327 - Missing Authorization vulnerability in F5 products

CVSS 7.2 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, f5, CWE-862, nessus

Summary

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

Vulnerable Configurations

Part: Application
Description: F5
Count: 270

Common Weakness Enumeration (CWE)

Nessus

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL20222812.NASL
description: When authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. (CVE-2018-15327) Impact: BIG-IP and Enterprise Manager: This vulnerability allows a privilege escalation for authenticated administrative users. BIG-IQ, F5 iWorkflow, and Traffix SDC: There is no impact; these F5 products are not affected by this vulnerability.
last seen: 2020-03-17
modified: 2018-11-02
plugin id: 118638
published: 2018-11-02
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118638
title: F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K20222812)