5.5

CVE-2019-19151

EPSS 0.18%
Veröffentlicht 23.12.2019 19:15:11
Zuletzt bearbeitet 21.11.2024 04:34:15
Quelle f5sirt@f5.com
Teams Watchlist Login
Unerledigt Login

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

F5 ≫ Big-iq Centralized Management Version >= 5.0.0 <= 5.4.0

F5 ≫ Big-iq Centralized Management Version >= 6.0.0 <= 6.1.0

F5 ≫ Big-iq Centralized Management Version7.0.0

F5 ≫ Big-ip Access Policy Manager Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Access Policy Manager Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Access Policy Manager Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Access Policy Manager Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Access Policy Manager Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Advanced Firewall Manager Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Advanced Firewall Manager Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Advanced Firewall Manager Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Advanced Firewall Manager Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Analytics Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Analytics Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Analytics Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Analytics Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Analytics Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Application Acceleration Manager Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Application Acceleration Manager Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Application Acceleration Manager Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Application Acceleration Manager Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Application Acceleration Manager Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Application Security Manager Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Application Security Manager Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Application Security Manager Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Application Security Manager Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Application Security Manager Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Domain Name System Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Domain Name System Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Domain Name System Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Domain Name System Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Domain Name System Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Edge Gateway Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Edge Gateway Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Edge Gateway Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Edge Gateway Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Edge Gateway Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Fraud Protection Service Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Fraud Protection Service Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Fraud Protection Service Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Fraud Protection Service Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Fraud Protection Service Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Global Traffic Manager Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Global Traffic Manager Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Global Traffic Manager Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Global Traffic Manager Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Global Traffic Manager Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Link Controller Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Link Controller Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Link Controller Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Link Controller Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Link Controller Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Local Traffic Manager Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Local Traffic Manager Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Local Traffic Manager Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Local Traffic Manager Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Local Traffic Manager Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Policy Enforcement Manager Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Policy Enforcement Manager Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Policy Enforcement Manager Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Policy Enforcement Manager Version >= 15.0.0 <= 15.1.0

F5 ≫ Big-ip Webaccelerator Version >= 11.5.1 <= 11.6.5

F5 ≫ Big-ip Webaccelerator Version >= 12.1.0 <= 12.1.5

F5 ≫ Big-ip Webaccelerator Version >= 13.0.0 <= 13.1.3

F5 ≫ Big-ip Webaccelerator Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Webaccelerator Version >= 15.0.0 <= 15.1.0

F5 ≫ Enterprise Manager Version3.1.1

F5 ≫ Iworkflow Version2.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.408

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://support.f5.com/csp/article/K21711352

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-19151

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-19151

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-19151

EUVD