cbcvebase.
CVE-2019-6616
published 2019-05-03

CVE-2019-6616: On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical…

high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode.

Affected

78 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip_aam
f5big-ip_access_policy_manager>= 11.5.2 < 11.5.911.5.9
f5big-ip_access_policy_manager>= 11.6.1 < 11.6.411.6.4
f5big-ip_access_policy_manager>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_access_policy_manager>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_access_policy_manager>= 14.0.0 < 14.1.0.214.1.0.2
f5big-ip_advanced_firewall_manager>= 11.5.2 < 11.5.911.5.9
f5big-ip_advanced_firewall_manager>= 11.6.1 < 11.6.411.6.4
f5big-ip_advanced_firewall_manager>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_advanced_firewall_manager>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_advanced_firewall_manager>= 14.0.0 < 14.1.0.214.1.0.2
f5big-ip_afm
f5big-ip_analytics
f5big-ip_analytics>= 11.5.2 < 11.5.911.5.9
f5big-ip_analytics>= 11.6.1 < 11.6.411.6.4
f5big-ip_analytics>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_analytics>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_analytics>= 14.0.0 < 14.1.0.214.1.0.2
f5big-ip_apm
f5big-ip_application_acceleration_manager>= 11.5.2 < 11.5.911.5.9
f5big-ip_application_acceleration_manager>= 11.6.1 < 11.6.411.6.4
f5big-ip_application_acceleration_manager>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_application_acceleration_manager>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_application_acceleration_manager>= 14.0.0 < 14.1.0.214.1.0.2
f5big-ip_application_security_manager>= 11.5.2 < 11.5.911.5.9