On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K21711352 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2019-12-23 11:15
Updated : 2019-12-31 10:43
NVD link : CVE-2019-19151
Mitre link : CVE-2019-19151
JSON object : View
CWE
CWE-269
Improper Privilege Management
Products Affected
f5
- big-ip_domain_name_system
- big-ip_global_traffic_manager
- big-ip_link_controller
- big-ip_advanced_firewall_manager
- big-ip_edge_gateway
- big-ip_webaccelerator
- big-ip_application_security_manager
- big-ip_access_policy_manager
- big-ip_local_traffic_manager
- big-ip_application_acceleration_manager
- big-ip_analytics
- iworkflow
- big-ip_policy_enforcement_manager
- big-iq_centralized_management
- enterprise_manager
- big-ip_fraud_protection_service