ID

VAR-201812-0376


CVE

CVE-2018-15329


TITLE

plural F5 BIG-IP Command injection vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2018-013200

DESCRIPTION

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. plural F5 BIG-IP The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both F5 BIG-IP and Enterprise Manager are products of the US company F5. F5 BIG-IP is an all-in-one network device that integrates functions such as network traffic management, application security management, and load balancing. Enterprise Manager is a tool that provides visibility into the entire BIG-IP application delivery infrastructure and optimizes application performance. Traffic Management User Interface is one of the user management interfaces. An attacker could exploit this vulnerability to run restricted commands. The following products and versions are affected: F5 BIG-IP version 14.0.0 to version 14.0.0.2, version 13.0.0 to version 13.1.1.1, version 12.1.0 to version 12.1.3.7; Enterprise Manager version 3.1.1

Trust: 1.71

sources: NVD: CVE-2018-15329 // JVNDB: JVNDB-2018-013200 // VULHUB: VHN-125577

AFFECTED PRODUCTS

vendor:f5model:enterprise managerscope:eqversion:3.1.1

Trust: 1.6

vendor:f5model:big-ip application security managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:13.1.1.1

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:14.0.0.2

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:12.1.3.7

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip advanced firewall managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip analyticsscope: - version: -

Trust: 0.8

vendor:f5model:big-ip application acceleration managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip application security managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip domain name systemscope: - version: -

Trust: 0.8

vendor:f5model:big-ip edge gatewayscope: - version: -

Trust: 0.8

vendor:f5model:big-ip fraud protection servicescope: - version: -

Trust: 0.8

vendor:f5model:big-ip global traffic managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip link controllerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip local traffic managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip policy enforcement managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip webacceleratorscope: - version: -

Trust: 0.8

vendor:f5model:enterprise manager softwarescope: - version: -

Trust: 0.8

vendor:f5model:big-ip webacceleratorscope:eqversion:13.1.1

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1.1

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:13.1.0

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:13.0.0

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1.0

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1.2

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:14.0.0

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1.3

Trust: 0.6

vendor:f5model:big-ip webacceleratorscope:eqversion:13.0.1

Trust: 0.6

sources: CNNVD: CNNVD-201812-948 // JVNDB: JVNDB-2018-013200 // NVD: CVE-2018-15329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15329
value: HIGH

Trust: 1.0

NVD: CVE-2018-15329
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-948
value: HIGH

Trust: 0.6

VULHUB: VHN-125577
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15329
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125577
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15329
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125577 // CNNVD: CNNVD-201812-948 // JVNDB: JVNDB-2018-013200 // NVD: CVE-2018-15329

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-77

Trust: 0.8

sources: VULHUB: VHN-125577 // JVNDB: JVNDB-2018-013200 // NVD: CVE-2018-15329

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-948

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201812-948

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013200

PATCH

title:K61620494url:https://support.f5.com/csp/article/K61620494

Trust: 0.8

title:F5 BIG-IP and Enterprise Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88108

Trust: 0.6

sources: CNNVD: CNNVD-201812-948 // JVNDB: JVNDB-2018-013200

EXTERNAL IDS

db:NVDid:CVE-2018-15329

Trust: 2.5

db:JVNDBid:JVNDB-2018-013200

Trust: 0.8

db:CNNVDid:CNNVD-201812-948

Trust: 0.7

db:VULHUBid:VHN-125577

Trust: 0.1

sources: VULHUB: VHN-125577 // CNNVD: CNNVD-201812-948 // JVNDB: JVNDB-2018-013200 // NVD: CVE-2018-15329

REFERENCES

url:https://support.f5.com/csp/article/k61620494

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15329

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15329

Trust: 0.8

sources: VULHUB: VHN-125577 // CNNVD: CNNVD-201812-948 // JVNDB: JVNDB-2018-013200 // NVD: CVE-2018-15329

SOURCES

db:VULHUBid:VHN-125577
db:CNNVDid:CNNVD-201812-948
db:JVNDBid:JVNDB-2018-013200
db:NVDid:CVE-2018-15329

LAST UPDATE DATE

2026-06-19T23:32:55+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-125577date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201812-948date:2019-10-23T00:00:00
db:JVNDBid:JVNDB-2018-013200date:2019-02-18T00:00:00
db:NVDid:CVE-2018-15329date:2026-06-17T01:42:16.580

SOURCES RELEASE DATE

db:VULHUBid:VHN-125577date:2018-12-20T00:00:00
db:CNNVDid:CNNVD-201812-948date:2018-12-21T00:00:00
db:JVNDBid:JVNDB-2018-013200date:2019-02-18T00:00:00
db:NVDid:CVE-2018-15329date:2018-12-20T20:29:00.277