CVE-2019-6642

Summary

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.

Affected Software

VendorProductVersion RangeStatus
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise ManagerBIG-IP 15.0.0affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager14.0.0-14.1.0.5affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager13.0.0-13.1.1.5affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager12.1.0-12.1.4.2affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager11.5.2-11.6.4affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise ManagerBIG-IQ 6.0.0-6.1.0affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager5.1.0-5.4.0affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise ManageriWorkflow 2.3.0affected
F5BIG-IP, BIG-IQ, iWorkflow, Enterprise ManagerEnterprise Manager 3.1.1affected

Weaknesses

  • Privilege Escalation

ADP Enrichment

CVE Program Container

Additional References

References