CVE-2018-15321

Description

When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.

References

Link	Tags
https://support.f5.com/csp/article/K01067037	mitigation vendor advisory

Frequently Asked Questions

What is the severity of CVE-2018-15321?: CVE-2018-15321 has been scored as a medium severity vulnerability.
How to fix CVE-2018-15321?: To fix CVE-2018-15321, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-15321 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2018-15321 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-15321?: CVE-2018-15321 affects F5 Networks, Inc. BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager.

Description

Category

CWE-269 – Improper Privilege Management

References

Frequently Asked Questions