CVE-2018-5540

Name: CVE-2018-5540
Creator: NVD / NIST
Published: 2018-07-19T14:29:00.73+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.41%

Last modified Jun 17, 2026

CVE-2018-5540 is a vulnerability of currently unknown severity. On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.. EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.

Metrics

EPSS Probability

0.41%

32.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-732

Affected Software

Vendor	Product	Versions
F5	Big-Ip Domain Name System	>= 11.5.1, <= 11.5.6
F5	Big-Ip Domain Name System	>= 11.6.0, <= 11.6.3.1
F5	Big-Ip Domain Name System	>= 12.1.0, <= 12.1.3.3
F5	Big-Ip Domain Name System	>= 13.0.0, <= 13.0.1
F5	Big-Ip Global Traffic Manager	>= 11.5.1, <= 11.5.6
F5	Big-Ip Global Traffic Manager	>= 11.6.0, <= 11.6.3.1
F5	Big-Ip Global Traffic Manager	>= 12.1.0, <= 12.1.3.3
F5	Big-Ip Global Traffic Manager	>= 13.0.0, <= 13.0.1
F5	Enterprise Manager	3.1.1
F5	Big-Iq Centralized Management	>= 5.0.0, <= 5.1.0
F5	Big-Iq Cloud And Orchestration	1.0.0
F5	F5 Iworkflow	>= 2.1.0, <= 2.3.0

References

http://www.securityfocus.com/bid/104920Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041340Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041341Third Party Advisory, VDB Entry
https://support.f5.com/csp/article/K82038789Vendor Advisory
http://www.securityfocus.com/bid/104920Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041340Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041341Third Party Advisory, VDB Entry
https://support.f5.com/csp/article/K82038789Vendor Advisory

Timeline

Published: Jul 19, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-5540?

How severe is CVE-2018-5540?

Severity scoring for CVE-2018-5540 is pending analysis. The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.

How do I fix CVE-2018-5540?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-5540?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST