CVE-2019-19151
N/A
N/A
Summary
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| F5 | BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager | BIG-IP 15.0.0-15.1.0 | affected |
| F5 | BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager | 14.0.0-14.1.2.3 | affected |
| F5 | BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager | 13.1.0-13.1.3.2 | affected |
| F5 | BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager | 12.1.0-12.1.5 | affected |
| F5 | BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager | 11.5.2-11.6.5.1 | affected |
| F5 | BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager | BIG-IQ 7.0.0 | affected |
| F5 | BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager | 6.0.0-6.1.0 | affected |
| F5 | BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager | 5.0.0-5.4.0 | affected |
| F5 | BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager | iWorkflow 2.3.0 | affected |
| F5 | BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager | Enterprise Manager 3.1.1 | affected |
Weaknesses
- Privilege Escalation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.