CVE-2019-6685: On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution.

Affected

97 ranges· showing 25

Vendor	Product	Version range	Fixed in
f5	big-ip	—	—
f5	big-ip	—	—
f5	big-ip	—	—
f5	big-ip	—	—
f5	big-ip	—	—
f5	big-ip	—	—
f5	big-ip_aam	—	—
f5	big-ip_access_policy_manager	11.5.2 – 11.6.5	—
f5	big-ip_access_policy_manager	12.1.0 – 12.1.5	—
f5	big-ip_access_policy_manager	>= 13.1.0 < 13.1.3.2	13.1.3.2
f5	big-ip_access_policy_manager	>= 14.0.0 < 14.0.1.1	14.0.1.1
f5	big-ip_access_policy_manager	>= 14.1.0 < 14.1.2.3	14.1.2.3
f5	big-ip_access_policy_manager	>= 15.0.0 < 15.1.0	15.1.0
f5	big-ip_advanced_firewall_manager	11.5.2 – 11.6.5	—
f5	big-ip_advanced_firewall_manager	12.1.0 – 12.1.5	—
f5	big-ip_advanced_firewall_manager	>= 13.1.0 < 13.1.3.2	13.1.3.2
f5	big-ip_advanced_firewall_manager	>= 14.0.0 < 14.0.1.1	14.0.1.1
f5	big-ip_advanced_firewall_manager	>= 14.1.0 < 14.1.2.3	14.1.2.3
f5	big-ip_advanced_firewall_manager	>= 15.0.0 < 15.1.0	15.1.0
f5	big-ip_afm	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	11.5.2 – 11.6.5	—
f5	big-ip_analytics	12.1.0 – 12.1.5	—
f5	big-ip_analytics	>= 13.1.0 < 13.1.3.2	13.1.3.2
f5	big-ip_analytics	>= 14.0.0 < 14.0.1.1	14.0.1.1