CVE Vulnerabilities

CVE-2019-6616

Published: May 03, 2019 | Modified: Feb 16, 2023
CVSS 3.x
7.2
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode.

Affected Software

Name Vendor Start Version End Version
Big-ip_access_policy_manager F5 11.5.2 (including) 11.5.9 (excluding)
Big-ip_access_policy_manager F5 11.6.1 (including) 11.6.4 (excluding)
Big-ip_access_policy_manager F5 12.1.0 (including) 12.1.4.1 (excluding)
Big-ip_access_policy_manager F5 13.0.0 (including) 13.1.1.5 (excluding)
Big-ip_access_policy_manager F5 14.0.0 (including) 14.1.0.2 (excluding)

References