CVE-2019-6620: On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl…

high7.2CVSS 3.0

AVNACLPRHUINSUCHIHAH

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user.

Affected

69 ranges· showing 25

Vendor	Product	Version range	Fixed in
f5	big-ip_aam	—	—
f5	big-ip_access_policy_manager	11.5.2 – 11.6.4	—
f5	big-ip_access_policy_manager	12.1.0 – 12.1.4	—
f5	big-ip_access_policy_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_access_policy_manager	>= 14.0.0 < 14.1.0.6	14.1.0.6
f5	big-ip_advanced_firewall_manager	11.5.2 – 11.6.4	—
f5	big-ip_advanced_firewall_manager	12.1.0 – 12.1.4	—
f5	big-ip_advanced_firewall_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_advanced_firewall_manager	>= 14.0.0 < 14.1.0.6	14.1.0.6
f5	big-ip_afm	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	11.5.2 – 11.6.4	—
f5	big-ip_analytics	12.1.0 – 12.1.4	—
f5	big-ip_analytics	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_analytics	>= 14.0.0 < 14.1.0.6	14.1.0.6
f5	big-ip_apm	—	—
f5	big-ip_application_acceleration_manager	11.5.2 – 11.6.4	—
f5	big-ip_application_acceleration_manager	12.1.0 – 12.1.4	—
f5	big-ip_application_acceleration_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_application_acceleration_manager	>= 14.0.0 < 14.1.0.6	14.1.0.6
f5	big-ip_application_security_manager	11.5.2 – 11.6.4	—
f5	big-ip_application_security_manager	12.1.0 – 12.1.4	—
f5	big-ip_application_security_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_application_security_manager	>= 14.0.0 < 14.1.0.6	14.1.0.6
f5	big-ip_asm	—	—