Description
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| F5 | BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2019-8783 | On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed. |
References
| Link | Providers |
|---|---|
| https://support.f5.com/csp/article/K21711352 |
|
History
No history.
Subscriptions
F5
Subscribe
Big-ip Access Policy Manager
Subscribe
Big-ip Advanced Firewall Manager
Subscribe
Big-ip Analytics
Subscribe
Big-ip Application Acceleration Manager
Subscribe
Big-ip Application Security Manager
Subscribe
Big-ip Domain Name System
Subscribe
Big-ip Edge Gateway
Subscribe
Big-ip Fraud Protection Service
Subscribe
Big-ip Global Traffic Manager
Subscribe
Big-ip Link Controller
Subscribe
Big-ip Local Traffic Manager
Subscribe
Big-ip Policy Enforcement Manager
Subscribe
Big-ip Webaccelerator
Subscribe
Big-iq Centralized Management
Subscribe
Enterprise Manager
Subscribe
Iworkflow
Subscribe
MITRE
Status: PUBLISHED
Assigner: f5
Published:
Updated: 2024-08-05T02:09:39.287Z
Reserved: 2019-11-21T00:00:00.000Z
Link: CVE-2019-19151
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-23T19:15:11.433
Modified: 2024-11-21T04:34:15.983
Link: CVE-2019-19151
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses