9

CVE-2019-6642

EPSS 0.5%
Published 01.07.2019 21:15:11
Last modified 21.11.2024 04:46:52
Source f5sirt@f5.com
Teams watchlist Login
Open Login

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

F5 ≫ Big-ip Access Policy Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Access Policy Manager Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Access Policy Manager Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Access Policy Manager Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Access Policy Manager Version15.0.0

F5 ≫ Big-ip Advanced Firewall Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Advanced Firewall Manager Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Advanced Firewall Manager Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Advanced Firewall Manager Version15.0.0

F5 ≫ Big-ip Application Acceleration Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Application Acceleration Manager Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Application Acceleration Manager Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Application Acceleration Manager Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Application Acceleration Manager Version15.0.0

F5 ≫ Big-ip Link Controller Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Link Controller Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Link Controller Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Link Controller Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Link Controller Version15.0.0

F5 ≫ Big-ip Policy Enforcement Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Policy Enforcement Manager Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Policy Enforcement Manager Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Policy Enforcement Manager Version15.0.0

F5 ≫ Big-ip Webaccelerator Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Webaccelerator Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Webaccelerator Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Webaccelerator Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Webaccelerator Version15.0.0

F5 ≫ Big-ip Application Security Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Application Security Manager Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Application Security Manager Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Application Security Manager Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Application Security Manager Version15.0.0

F5 ≫ Big-ip Local Traffic Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Local Traffic Manager Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Local Traffic Manager Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Local Traffic Manager Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Local Traffic Manager Version15.0.0

F5 ≫ Big-ip Fraud Protection Service Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Fraud Protection Service Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Fraud Protection Service Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Fraud Protection Service Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Fraud Protection Service Version15.0.0

F5 ≫ Big-ip Global Traffic Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Global Traffic Manager Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Global Traffic Manager Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Global Traffic Manager Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Global Traffic Manager Version15.0.0

F5 ≫ Big-ip Analytics Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Analytics Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Analytics Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Analytics Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Analytics Version15.0.0

F5 ≫ Big-ip Edge Gateway Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Edge Gateway Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Edge Gateway Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Edge Gateway Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Edge Gateway Version15.0.0

F5 ≫ Big-ip Domain Name System Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Domain Name System Version >= 12.1.0 <= 12.1.4.2

F5 ≫ Big-ip Domain Name System Version >= 13.0.0 <= 13.1.1.5

F5 ≫ Big-ip Domain Name System Version >= 14.0.0 <= 14.1.0.5

F5 ≫ Big-ip Domain Name System Version15.0.0

F5 ≫ Big-iq Centralized Management Version >= 5.1.0 <= 5.4.0

F5 ≫ Big-iq Centralized Management Version >= 6.0.0 <= 6.1.0

F5 ≫ Enterprise Manager Version3.1.1

F5 ≫ Iworkflow Version2.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.5%	0.648

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

https://support.f5.com/csp/article/K40378764

Vendor Advisory

https://support.f5.com/csp/article/K40378764?utm_source=f5support&amp%3Butm_medium=RSS

https://nvd.nist.gov/vuln/detail/CVE-2019-6642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6642

EUVD