K58935003 : F5 Container Connector vulnerability CVE-2018-5543

2018-07-3000:00:00

my.f5.com

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.6%

JSON

Security Advisory Description

The F5 BIG-IP Controller for Kubernetes (k8s-bigip-crtl) passes BIG-IP username and password as command line parameters, which may lead to disclosure of the credentials used by the container. (CVE-2018-5543)

Impact

F5 BIG-IP Controller for Kubernetes

This vulnerability exposes BIG-IP username and passwords to non-privileged user logged on to the Kubernetes worker node where the container is running.

BIG-IP / BIG-IQ / F5 iWorkflow / Enterprise Manager / ARX / Traffix SDC

There is no impact; these F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementeq4.6.0
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-ip gtmeq11.2.1
big-ip gtmeq11.5.1
big-ip gtmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	4.6.0
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-ip gtm	eq	11.2.1
big-ip gtm	eq	11.5.1
big-ip gtm	eq	11.5.2

Rows per page:

1-10 of 191