cbcvebase.
CVE-2019-19151
published 2019-12-23

CVE-2019-19151: On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0…

medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.

Affected

86 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip_aam
f5big-ip_access_policy_manager11.5.1 – 11.6.5
f5big-ip_access_policy_manager12.1.0 – 12.1.5
f5big-ip_access_policy_manager13.0.0 – 13.1.3
f5big-ip_access_policy_manager14.0.0 – 14.1.2
f5big-ip_access_policy_manager15.0.0 – 15.1.0
f5big-ip_advanced_firewall_manager11.5.1 – 11.6.5
f5big-ip_advanced_firewall_manager12.1.0 – 12.1.5
f5big-ip_advanced_firewall_manager13.0.0 – 13.1.3
f5big-ip_advanced_firewall_manager14.0.0 – 14.1.2
f5big-ip_advanced_firewall_manager15.0.0 – 15.1.0
f5big-ip_afm
f5big-ip_analytics
f5big-ip_analytics11.5.1 – 11.6.5
f5big-ip_analytics12.1.0 – 12.1.5
f5big-ip_analytics13.0.0 – 13.1.3
f5big-ip_analytics14.0.0 – 14.1.2
f5big-ip_analytics15.0.0 – 15.1.0
f5big-ip_apm
f5big-ip_application_acceleration_manager11.5.1 – 11.6.5
f5big-ip_application_acceleration_manager12.1.0 – 12.1.5
f5big-ip_application_acceleration_manager13.0.0 – 13.1.3
f5big-ip_application_acceleration_manager14.0.0 – 14.1.2
f5big-ip_application_acceleration_manager15.0.0 – 15.1.0
f5big-ip_application_security_manager11.5.1 – 11.6.5