CVE-2019-6615: On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit…

medium4.9CVSS 3.1

AVNACLPRHUINSUCNIHAN

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems.

Affected

78 ranges· showing 25

Vendor	Product	Version range	Fixed in
f5	big-ip_aam	—	—
f5	big-ip_access_policy_manager	>= 11.5.2 < 11.5.9	11.5.9
f5	big-ip_access_policy_manager	>= 11.6.1 < 11.6.4	11.6.4
f5	big-ip_access_policy_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_access_policy_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_access_policy_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_advanced_firewall_manager	>= 11.5.2 < 11.5.9	11.5.9
f5	big-ip_advanced_firewall_manager	>= 11.6.1 < 11.6.4	11.6.4
f5	big-ip_advanced_firewall_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_advanced_firewall_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_advanced_firewall_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_afm	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	>= 11.5.2 < 11.5.9	11.5.9
f5	big-ip_analytics	>= 11.6.1 < 11.6.4	11.6.4
f5	big-ip_analytics	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_analytics	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_analytics	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_apm	—	—
f5	big-ip_application_acceleration_manager	>= 11.5.2 < 11.5.9	11.5.9
f5	big-ip_application_acceleration_manager	>= 11.6.1 < 11.6.4	11.6.4
f5	big-ip_application_acceleration_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_application_acceleration_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_application_acceleration_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_application_security_manager	>= 11.5.2 < 11.5.9	11.5.9