Vulnerability Details : CVE-2018-5511
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
Exploit prediction scoring system (EPSS) score for CVE-2018-5511
Probability of exploitation activity in the next 30 days: 3.52%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-5511
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
[email protected] |
|
7.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
[email protected] |
CWE ids for CVE-2018-5511
-
The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.Assigned by: [email protected] (Primary)
References for CVE-2018-5511
-
https://www.exploit-db.com/exploits/46600/
Exploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html
Third Party Advisory;VDB Entry
-
https://support.f5.com/csp/article/K30500703
Vendor Advisory
Products affected by CVE-2018-5511
- cpe:2.3:a:vmware:workstation:14.1.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows 10
- cpe:2.3:a:vmware:workstation_player:15.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_webaccelerator:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_webaccelerator:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_edge_gateway:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_edge_gateway:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_enterprise_manager:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_domain_name_system:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_websafe:13.1.0:*:*:*:*:*:*:*