CVE-2018-5540
Severity Score
4.4
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.
En F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1 o 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0 o F5 iWorkflow 2.1.0-2.3.0, el proceso big3d no no minimiza irrevocablemente los privilegios de grupo al arranque.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-12 CVE Reserved
- 2018-07-19 CVE Published
- 2023-07-13 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/104920 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041340 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041341 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.f5.com/csp/article/K82038789 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| F5 Search vendor "F5" | Big-ip Domain Name System Search vendor "F5" for product "Big-ip Domain Name System" | >= 11.5.1 <= 11.5.6 Search vendor "F5" for product "Big-ip Domain Name System" and version " >= 11.5.1 <= 11.5.6" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Domain Name System Search vendor "F5" for product "Big-ip Domain Name System" | >= 11.6.0 <= 11.6.3.1 Search vendor "F5" for product "Big-ip Domain Name System" and version " >= 11.6.0 <= 11.6.3.1" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Domain Name System Search vendor "F5" for product "Big-ip Domain Name System" | >= 12.1.0 <= 12.1.3.3 Search vendor "F5" for product "Big-ip Domain Name System" and version " >= 12.1.0 <= 12.1.3.3" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Domain Name System Search vendor "F5" for product "Big-ip Domain Name System" | >= 13.0.0 <= 13.0.1 Search vendor "F5" for product "Big-ip Domain Name System" and version " >= 13.0.0 <= 13.0.1" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Global Traffic Manager Search vendor "F5" for product "Big-ip Global Traffic Manager" | >= 11.5.1 <= 11.5.6 Search vendor "F5" for product "Big-ip Global Traffic Manager" and version " >= 11.5.1 <= 11.5.6" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Global Traffic Manager Search vendor "F5" for product "Big-ip Global Traffic Manager" | >= 11.6.0 <= 11.6.3.1 Search vendor "F5" for product "Big-ip Global Traffic Manager" and version " >= 11.6.0 <= 11.6.3.1" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Global Traffic Manager Search vendor "F5" for product "Big-ip Global Traffic Manager" | >= 12.1.0 <= 12.1.3.3 Search vendor "F5" for product "Big-ip Global Traffic Manager" and version " >= 12.1.0 <= 12.1.3.3" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Global Traffic Manager Search vendor "F5" for product "Big-ip Global Traffic Manager" | >= 13.0.0 <= 13.0.1 Search vendor "F5" for product "Big-ip Global Traffic Manager" and version " >= 13.0.0 <= 13.0.1" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Enterprise Manager Search vendor "F5" for product "Enterprise Manager" | 3.1.1 Search vendor "F5" for product "Enterprise Manager" and version "3.1.1" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-iq Centralized Management Search vendor "F5" for product "Big-iq Centralized Management" | >= 5.0.0 <= 5.1.0 Search vendor "F5" for product "Big-iq Centralized Management" and version " >= 5.0.0 <= 5.1.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-iq Cloud And Orchestration Search vendor "F5" for product "Big-iq Cloud And Orchestration" | 1.0.0 Search vendor "F5" for product "Big-iq Cloud And Orchestration" and version "1.0.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | F5 Iworkflow Search vendor "F5" for product "F5 Iworkflow" | >= 2.1.0 <= 2.3.0 Search vendor "F5" for product "F5 Iworkflow" and version " >= 2.1.0 <= 2.3.0" | - |
Affected
| ||||||