cbcvebase.
CVE-2019-6621
published 2019-07-02

CVE-2019-6621: On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and…

high7.2CVSS 3.0
AVNACLPRHUINSUCHIHAH
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations.

Affected

104 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip_aam
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager>= 11.5.2 < 11.5.911.5.9
f5big-ip_access_policy_manager>= 11.6.1 < 11.6.411.6.4
f5big-ip_access_policy_manager12.1.0 – 12.1.4
f5big-ip_access_policy_manager>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_access_policy_manager>= 14.0.0 < 14.0.0.514.0.0.5
f5big-ip_access_policy_manager>= 14.1.0 < 14.1.0.614.1.0.6
f5big-ip_advanced_firewall_manager>= 11.5.2 < 11.5.911.5.9
f5big-ip_advanced_firewall_manager>= 11.6.1 < 11.6.411.6.4
f5big-ip_advanced_firewall_manager12.1.0 – 12.1.4
f5big-ip_advanced_firewall_manager>= 13.0.0 < 13.1.1.513.1.1.5
f5big-ip_advanced_firewall_manager>= 14.0.0 < 14.0.0.514.0.0.5
f5big-ip_advanced_firewall_manager>= 14.1.0 < 14.1.0.614.1.0.6
f5big-ip_afm
f5big-ip_analytics
f5big-ip_analytics>= 11.5.2 < 11.5.911.5.9
f5big-ip_analytics>= 11.6.1 < 11.6.411.6.4
f5big-ip_analytics12.1.0 – 12.1.4
f5big-ip_analytics>= 13.0.0 < 13.1.1.513.1.1.5