CVE-2018-15321
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-15321
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款F5产品安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
F5 BIG-IP等都是美国F5公司的产品。F5 BIG-IP是一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的多合一网络设备。BIG-IQ Centralized Management是一套基于软件的云管理解决方案。 多款F5产品中存在安全漏洞。攻击者可借助TMSH访问权限利用该漏洞绕过BIG-IP Appliance Mode限制,覆盖重要的文件资源。以下产品和版本受到影响:F5 BIG-IP 14.0.0版本至14.0.0.2版本,13.0.0版本至13.1.0.5版本,12.1.0版本至
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager | 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6 | - |
II. Public POCs for CVE-2018-15321
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-15321
Please Login to view more intelligence information
- https://support.f5.com/csp/article/K01067037x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2018-15321
Same Patch Batch · F5 Networks, Inc. · 2018-10-31 · 11 CVEs total
| CVE-2018-15317 | F5 BIG-IP 加密问题漏洞 | |
| CVE-2018-15318 | F5 BIG-IP 安全漏洞 | |
| CVE-2018-15319 | F5 BIG-IP 安全漏洞 | |
| CVE-2018-15320 | F5 BIG-IP 安全漏洞 | |
| CVE-2018-15322 | 多款F5产品安全漏洞 | |
| CVE-2018-15323 | F5 BIG-IP 安全漏洞 | |
| CVE-2018-15324 | F5 BIG-IP Access Policy Manager 安全漏洞 | |
| CVE-2018-15325 | F5 BIG-IP 安全漏洞 | |
| CVE-2018-15326 | F5 BIG-IP Access Policy Manager 安全漏洞 | |
| CVE-2018-15327 | F5 BIG-IP和Enterprise Manager 安全漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2018-15321
No comments yet