cbcvebase.
CVE-2019-6617
published 2019-05-03

CVE-2019-6617: On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite…

medium6.5CVSS 3.1
AVNACLPRHUINSUCNIHAH
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions.

Affected

78 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip_aam
f5big-ip_access_policy_manager>= 11.5.2 < 11.5.911.5.9
f5big-ip_access_policy_manager>= 11.6.1 < 11.6.411.6.4
f5big-ip_access_policy_manager>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_access_policy_manager>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_access_policy_manager>= 14.0.0 < 14.1.0.214.1.0.2
f5big-ip_advanced_firewall_manager>= 11.5.2 < 11.5.911.5.9
f5big-ip_advanced_firewall_manager>= 11.6.1 < 11.6.411.6.4
f5big-ip_advanced_firewall_manager>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_advanced_firewall_manager>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_advanced_firewall_manager>= 14.0.0 < 14.1.0.214.1.0.2
f5big-ip_afm
f5big-ip_analytics
f5big-ip_analytics>= 11.5.2 < 11.5.911.5.9
f5big-ip_analytics>= 11.6.1 < 11.6.411.6.4
f5big-ip_analytics>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_analytics>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_analytics>= 14.0.0 < 14.1.0.214.1.0.2
f5big-ip_apm
f5big-ip_application_acceleration_manager>= 11.5.2 < 11.5.911.5.9
f5big-ip_application_acceleration_manager>= 11.6.1 < 11.6.411.6.4
f5big-ip_application_acceleration_manager>= 12.1.0 < 12.1.4.112.1.4.1
f5big-ip_application_acceleration_manager>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_application_acceleration_manager>= 14.0.0 < 14.1.0.214.1.0.2
f5big-ip_application_security_manager>= 11.5.2 < 11.5.911.5.9