CVE-2019-6614: On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully…

medium6.5CVSS 3.1

AVNACLPRHUINSUCNIHAH

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files.

Affected

52 ranges· showing 25

Vendor	Product	Version range	Fixed in
f5	big-ip_aam	—	—
f5	big-ip_access_policy_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_access_policy_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_access_policy_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_advanced_firewall_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_advanced_firewall_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_advanced_firewall_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_afm	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_analytics	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_analytics	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_apm	—	—
f5	big-ip_application_acceleration_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_application_acceleration_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_application_acceleration_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_application_security_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_application_security_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_application_security_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_asm	—	—
f5	big-ip_dns	—	—
f5	big-ip_domain_name_system	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_domain_name_system	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_domain_name_system	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_edge_gateway	—	—