On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K21711352 | Vendor Advisory |
https://support.f5.com/csp/article/K21711352 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 04:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.f5.com/csp/article/K21711352 - Vendor Advisory |
Information
Published : 2019-12-23 19:15
Updated : 2024-11-21 04:34
NVD link : CVE-2019-19151
Mitre link : CVE-2019-19151
CVE.ORG link : CVE-2019-19151
JSON object : View
Products Affected
f5
- big-ip_application_security_manager
- big-ip_application_acceleration_manager
- big-ip_global_traffic_manager
- big-ip_policy_enforcement_manager
- big-ip_edge_gateway
- big-ip_domain_name_system
- big-ip_fraud_protection_service
- big-ip_link_controller
- big-ip_local_traffic_manager
- big-iq_centralized_management
- big-ip_webaccelerator
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- enterprise_manager
- iworkflow
- big-ip_analytics
CWE
CWE-269
Improper Privilege Management