CVE-2018-15331
CVE-2018-15331
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
20 Dec 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system.
Affected products
F5 Networks, Inc. · BIG-IP (AAM)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →