CVE-2019-19151

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 59.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +13 more

Timeline

PublishedDec 23

Latest updateMay 24

Description

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be al…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages16 packages

▶NVDf5/big-ip_access_policy_manager11.5.1 — 11.6.5+4

▶NVDf5/big-ip_domain_name_system11.5.1 — 11.6.5+4

▶NVDf5/enterprise_manager3.1.1

▶NVDf5/big-ip_local_traffic_manager11.5.1 — 11.6.5+4

▶NVDf5/big-ip_global_traffic_manager11.5.1 — 11.6.5+4

🔴Vulnerability Details

GHSA

GHSA-5mqv-m2p9-qprh: On BIG-IP versions 15↗2022-05-24

▶

CVEList

CVE-2019-19151: On BIG-IP versions 15↗2019-12-23

▶

📋Vendor Advisories

CVE-2019-19151: On BIG-IP versions 15↗2019-12-23

▶

External resources

NVD MITRE

Affected products16

F5 Big-ip Access Policy Manager≥ 11.5.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.0.0, ≤ 13.1.3+2 more

F5 Big-ip Advanced Firewall Manager≥ 11.5.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.0.0, ≤ 13.1.3+2 more

F5 Big-ip Analytics≥ 11.5.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.0.0, ≤ 13.1.3+2 more

F5 Big-ip Application Acceleration Manager≥ 11.5.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.0.0, ≤ 13.1.3+2 more

F5 Big-ip Application Security Manager≥ 11.5.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.0.0, ≤ 13.1.3+2 more

F5 Big-ip Domain Name System≥ 11.5.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.0.0, ≤ 13.1.3+2 more

F5 Big-ip Edge Gateway≥ 11.5.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.0.0, ≤ 13.1.3+2 more

F5 Big-ip Fraud Protection Service≥ 11.5.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.0.0, ≤ 13.1.3+2 more

F5 Big-ip Global Traffic Manager≥ 11.5.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.0.0, ≤ 13.1.3+2 more

F5 Big-ip Link Controller≥ 11.5.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.0.0, ≤ 13.1.3+2 more

Disclosure

PublishedDec 23, 2019

Latest updateMay 24, 2022