CVE-2018-15328

Published: Dic 12, 2018 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2018-7206 Aliases: GSD-2018-15328
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0218
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

200

Exposure of Sensitive Information to an Unauthorized Actor

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Mobile, Not Technology-Specific, Web Based
Likelihood of Exploit: High
View CWE Details
Application

Big-Ip Fraud Protection Service by F5

Product Information
Vendor F5
Product Big-Ip Fraud Protection Service
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Iq Centralized Management by F5

Product Information
Vendor F5
Product Big-Iq Centralized Management
Version Range Affected
From 6.0.0 (inclusive)
To 6.0.1 (inclusive)
cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Access Policy Manager by F5

Product Information
Vendor F5
Product Big-Ip Access Policy Manager
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Domain Name System by F5

Product Information
Vendor F5
Product Big-Ip Domain Name System
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Policy Enforcement Manager by F5

Product Information
Vendor F5
Product Big-Ip Policy Enforcement Manager
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Local Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Local Traffic Manager
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Acceleration Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Acceleration Manager
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Webaccelerator by F5

Product Information
Vendor F5
Product Big-Ip Webaccelerator
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Global Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Global Traffic Manager
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Link Controller by F5

Product Information
Vendor F5
Product Big-Ip Link Controller
Version 14.0.0
cpe:2.3:a:f5:big-ip_link_controller:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Iq Centralized Management by F5

Product Information
Vendor F5
Product Big-Iq Centralized Management
Version 4.6.0
cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Acceleration Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Acceleration Manager
Version 14.0.0
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Local Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Local Traffic Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Acceleration Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Acceleration Manager
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Global Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Global Traffic Manager
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Domain Name System by F5

Product Information
Vendor F5
Product Big-Ip Domain Name System
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Firewall Manager by F5

Product Information
Vendor F5
Product Big-Ip Advanced Firewall Manager
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Analytics by F5

Product Information
Vendor F5
Product Big-Ip Analytics
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Access Policy Manager by F5

Product Information
Vendor F5
Product Big-Ip Access Policy Manager
Version 14.0.0
cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Iq Centralized Management by F5

Product Information
Vendor F5
Product Big-Iq Centralized Management
Version Range Affected
From 5.0.0 (inclusive)
To 5.4.0 (inclusive)
cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Global Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Global Traffic Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Edge Gateway by F5

Product Information
Vendor F5
Product Big-Ip Edge Gateway
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Policy Enforcement Manager by F5

Product Information
Vendor F5
Product Big-Ip Policy Enforcement Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Link Controller by F5

Product Information
Vendor F5
Product Big-Ip Link Controller
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Fraud Protection Service by F5

Product Information
Vendor F5
Product Big-Ip Fraud Protection Service
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Analytics by F5

Product Information
Vendor F5
Product Big-Ip Analytics
Version 14.0.0
cpe:2.3:a:f5:big-ip_analytics:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Analytics by F5

Product Information
Vendor F5
Product Big-Ip Analytics
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Link Controller by F5

Product Information
Vendor F5
Product Big-Ip Link Controller
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Edge Gateway by F5

Product Information
Vendor F5
Product Big-Ip Edge Gateway
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Domain Name System by F5

Product Information
Vendor F5
Product Big-Ip Domain Name System
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Link Controller by F5

Product Information
Vendor F5
Product Big-Ip Link Controller
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Access Policy Manager by F5

Product Information
Vendor F5
Product Big-Ip Access Policy Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Iworkflow by F5

Product Information
Vendor F5
Product Iworkflow
Version Range Affected
From 2.2.0 (inclusive)
To 2.3.0 (inclusive)
cpe:2.3:a:f5:iworkflow:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Analytics by F5

Product Information
Vendor F5
Product Big-Ip Analytics
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Policy Enforcement Manager by F5

Product Information
Vendor F5
Product Big-Ip Policy Enforcement Manager
Version 14.0.0
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version 14.0.0
cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Fraud Protection Service by F5

Product Information
Vendor F5
Product Big-Ip Fraud Protection Service
Version 14.0.0
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Local Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Local Traffic Manager
Version 14.0.0
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Edge Gateway by F5

Product Information
Vendor F5
Product Big-Ip Edge Gateway
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Webaccelerator by F5

Product Information
Vendor F5
Product Big-Ip Webaccelerator
Version 14.0.0
cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Access Policy Manager by F5

Product Information
Vendor F5
Product Big-Ip Access Policy Manager
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Global Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Global Traffic Manager
Version 14.0.0
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Local Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Local Traffic Manager
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Edge Gateway by F5

Product Information
Vendor F5
Product Big-Ip Edge Gateway
Version 14.0.0
cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Firewall Manager by F5

Product Information
Vendor F5
Product Big-Ip Advanced Firewall Manager
Version 14.0.0
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Fraud Protection Service by F5

Product Information
Vendor F5
Product Big-Ip Fraud Protection Service
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Manager by F5

Product Information
Vendor F5
Product Enterprise Manager
Version 3.1.1
cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Webaccelerator by F5

Product Information
Vendor F5
Product Big-Ip Webaccelerator
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Domain Name System by F5

Product Information
Vendor F5
Product Big-Ip Domain Name System
Version 14.0.0
cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Firewall Manager by F5

Product Information
Vendor F5
Product Big-Ip Advanced Firewall Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Acceleration Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Acceleration Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Webaccelerator by F5

Product Information
Vendor F5
Product Big-Ip Webaccelerator
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.3 (inclusive)
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Firewall Manager by F5

Product Information
Vendor F5
Product Big-Ip Advanced Firewall Manager
Version Range Affected
From 13.0.0 (inclusive)
To 13.1.1 (inclusive)
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Policy Enforcement Manager by F5

Product Information
Vendor F5
Product Big-Ip Policy Enforcement Manager
Version Range Affected
From 11.2.1 (inclusive)
To 11.6.3 (inclusive)
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://support.f5.com/csp/article/K42027747
Vendor Advisory
https://support.f5.com/csp/article/K42027747
http://www.securityfocus.com/bid/106258
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/106258
https://support.f5.com/csp/article/K42027747
Vendor Advisory
https://support.f5.com/csp/article/K42027747
http://www.securityfocus.com/bid/106258
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/106258