Details of VAR-201812-0376

ID

VAR-201812-0376

CVE

CVE-2018-15329

TITLE

plural F5 BIG-IP Command injection vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2018-013200

DESCRIPTION

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. plural F5 BIG-IP The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both F5 BIG-IP and Enterprise Manager are products of the US company F5. F5 BIG-IP is an all-in-one network device that integrates functions such as network traffic management, application security management, and load balancing. Enterprise Manager is a tool that provides visibility into the entire BIG-IP application delivery infrastructure and optimizes application performance. Traffic Management User Interface is one of the user management interfaces. An attacker could exploit this vulnerability to run restricted commands. The following products and versions are affected: F5 BIG-IP version 14.0.0 to version 14.0.0.2, version 13.0.0 to version 13.1.1.1, version 12.1.0 to version 12.1.3.7; Enterprise Manager version 3.1.1

Trust: 1.71

sources: NVD: CVE-2018-15329 // JVNDB: JVNDB-2018-013200 // VULHUB: VHN-125577

AFFECTED PRODUCTS

vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.1.1	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	13.1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	14.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	12.1.3.7	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	enterprise manager software	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.1	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.1	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.0	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0.0	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.0	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.2	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.0.0	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.3	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0.1	Trust: 0.6

sources: JVNDB: JVNDB-2018-013200 // CNNVD: CNNVD-201812-948 // NVD: CVE-2018-15329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15329
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-15329
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201812-948
value:	HIGH
Trust: 0.6
VULHUB:	VHN-125577
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-15329
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-125577
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15329
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-125577 // JVNDB: JVNDB-2018-013200 // CNNVD: CNNVD-201812-948 // NVD: CVE-2018-15329

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.1
problemtype:	CWE-77	Trust: 0.8

sources: VULHUB: VHN-125577 // JVNDB: JVNDB-2018-013200 // NVD: CVE-2018-15329

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-948

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201812-948

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013200

PATCH

title:	K61620494	url:	https://support.f5.com/csp/article/K61620494	Trust: 0.8
title:	F5 BIG-IP and Enterprise Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88108	Trust: 0.6

sources: JVNDB: JVNDB-2018-013200 // CNNVD: CNNVD-201812-948

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15329	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-013200	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-948	Trust: 0.7
db:	VULHUB	id:	VHN-125577	Trust: 0.1

sources: VULHUB: VHN-125577 // JVNDB: JVNDB-2018-013200 // CNNVD: CNNVD-201812-948 // NVD: CVE-2018-15329

REFERENCES

url:	https://support.f5.com/csp/article/k61620494	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15329	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15329	Trust: 0.8

sources: VULHUB: VHN-125577 // JVNDB: JVNDB-2018-013200 // CNNVD: CNNVD-201812-948 // NVD: CVE-2018-15329

SOURCES

db:	VULHUB	id:	VHN-125577
db:	JVNDB	id:	JVNDB-2018-013200
db:	CNNVD	id:	CNNVD-201812-948
db:	NVD	id:	CVE-2018-15329

LAST UPDATE DATE

2024-11-23T22:00:10.724000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125577	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013200	date:	2019-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201812-948	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-15329	date:	2024-11-21T03:50:34.563

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125577	date:	2018-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2018-013200	date:	2019-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201812-948	date:	2018-12-21T00:00:00
db:	NVD	id:	CVE-2018-15329	date:	2018-12-20T20:29:00.277