8.8

CVE-2019-6646

On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.

Data is provided by the National Vulnerability Database (NVD)
F5Big-ip Access Policy Manager Version >= 11.5.2 <= 11.6.4
F5Big-ip Access Policy Manager Version12.0.0
F5Big-ip Advanced Firewall Manager Version >= 11.5.2 <= 11.6.4
F5Big-ip Analytics Version >= 11.5.2 <= 11.6.4
F5Big-ip Analytics Version12.0.0
F5Big-ip Application Acceleration Manager Version >= 11.5.2 <= 11.6.4
F5Big-ip Application Security Manager Version >= 11.5.2 <= 11.6.4
F5Big-ip Domain Name System Version >= 11.5.2 <= 11.6.4
F5Big-ip Domain Name System Version12.0.0
F5Big-ip Edge Gateway Version >= 11.5.2 <= 11.6.4
F5Big-ip Edge Gateway Version12.0.0
F5Big-ip Fraud Protection Service Version >= 11.5.2 <= 11.6.4
F5Big-ip Global Traffic Manager Version >= 11.5.2 <= 11.6.4
F5Big-ip Global Traffic Manager Version12.0.0
F5Big-ip Link Controller Version >= 11.5.2 <= 11.6.4
F5Big-ip Link Controller Version12.0.0
F5Big-ip Local Traffic Manager Version >= 11.5.2 <= 11.6.4
F5Big-ip Local Traffic Manager Version12.0.0
F5Big-ip Policy Enforcement Manager Version >= 11.5.2 <= 11.6.4
F5Big-ip Webaccelerator Version >= 11.5.2 <= 11.6.4
F5Big-ip Webaccelerator Version12.0.0
F5Enterprise Manager Version3.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.42% 0.588
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P