CVE-2019-19151

Summary

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.

Affected Software

VendorProductVersion RangeStatus
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise ManagerBIG-IP 15.0.0-15.1.0affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager14.0.0-14.1.2.3affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager13.1.0-13.1.3.2affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager12.1.0-12.1.5affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager11.5.2-11.6.5.1affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise ManagerBIG-IQ 7.0.0affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager6.0.0-6.1.0affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager5.0.0-5.4.0affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise ManageriWorkflow 2.3.0affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise ManagerEnterprise Manager 3.1.1affected

Weaknesses

  • Privilege Escalation

ADP Enrichment

CVE Program Container

Additional References

References