On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted.
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K54336216 | Vendor Advisory |
https://support.f5.com/csp/article/K54336216 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.f5.com/csp/article/K54336216 - Vendor Advisory |
Information
Published : 2019-12-23 18:15
Updated : 2024-11-21 04:46
NVD link : CVE-2019-6679
Mitre link : CVE-2019-6679
CVE.ORG link : CVE-2019-6679
JSON object : View
Products Affected
f5
- big-ip_application_security_manager
- big-ip_application_acceleration_manager
- big-ip_global_traffic_manager
- big-ip_policy_enforcement_manager
- big-ip_edge_gateway
- big-ip_domain_name_system
- big-ip_fraud_protection_service
- big-ip_link_controller
- big-ip_local_traffic_manager
- big-ip_webaccelerator
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- big-ip_analytics
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')