CVE-2019-6616
Published May 3, 2019
Last updated 2 years ago
Overview
- Description
- On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode.
- Source
- f5sirt@f5.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "609A31A8-E106-468C-8621-FBD0075E5C2E", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "022CB73B-8575-49BC-A782-7020ECDF85A9", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "038A8B61-CD54-4D41-9EDC-629E33389E17", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C22F2CB-FA25-4326-9542-FED6F97262DD", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB845EA7-3928-4FBE-ADB3-74AB8AB584F6", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "394BD813-D7CF-41AF-9623-20EBFFC4E477", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4126BBEF-AFD8-44A2-9810-CBAFFEAA4FFA", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A60AA834-6C1E-4203-91DA-A2C8478A184F", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F602F8C-9548-47C4-A15E-FE52FDC37BFA", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE67A396-FD17-41DE-9F6B-00E760538786", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3132866D-82C6-4C16-A80B-7BBD210E8199", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "627F6B46-8D84-4B83-9606-DE77D35E8AEB", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFD0FF41-761A-440D-83F8-ED779CA4F38C", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5275F08-E0D0-402D-812C-C72AE26D95BC", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0E0A944-3615-4B10-B27D-FEE228B7A4E6", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "431481E1-5C7B-4384-AA5F-00B2A6DCA9DB", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84585268-3D36-4688-B001-D184A3016708", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6F5072A-0347-4B4D-805A-CC4BD869CFF3", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF225E1D-75DB-4E67-93A8-727E3A6F1896", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "716B53B2-FE8E-4535-B438-BDBADEDB8ADB", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0EA47C1-757A-4034-8DFE-0B690696289B", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF730DB1-5C6B-4E49-94A8-80DABF7B215F", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06B52E4E-1DDE-49D0-AEE1-8A3A790BE30B", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9A5F789-854D-4C17-98FE-85EAD8000C09", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F303D34A-0155-4248-88BF-59086A3E24AC", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5F09EDA-97C4-4788-8BA9-FB90F4E9D2DE", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DBA19AD-E323-48B5-88D1-709B61971093", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44D05AD-3C76-4EB9-B8F4-FC5837C72E48", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8AC313F-4776-482C-B8E4-E3993820DA94", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68D79E48-7951-4ABE-AADF-0CE4975704FA", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3854B662-6BF0-4FE4-AC22-9895F30EBC79", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B5E1DF0-9912-4B50-B6AB-59558DE30B50", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B50AFE19-77F8-4BCC-B287-E967497DF44A", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1209416-7A72-4B4E-B493-DCB1A04A39E1", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57BCC8CB-5CD1-48F0-9983-883BD20B44FB", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40DF8C8E-064E-4EF5-888C-4EBD784785AA", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2E79EAE-4E0F-43DD-84AC-6BF55AB4F83F", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D441D2CE-C8F1-4688-903B-93F04BD1C8CE", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0915E0EA-4DBF-4D42-B533-7CB8674C5D97", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E61DD08-9CF9-457A-9120-52FA1F0ABD61", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7EB3F8D-55CA-48D5-9A64-F4A4A97159DE", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "173F9D19-C921-40DE-AFB8-014777A13911", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "152970DD-B77B-49C7-A02E-FC823E0E633F", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CCC67AD-46E4-40C5-AEED-C4691C731978", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3077533D-DCF2-47AE-B9BD-E88C5C9A8CA5", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57606901-522F-478F-B49B-13B600DC1F95", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9507B6E2-6403-448D-B8E5-4F80FB2C5513", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8B6C1C-D373-4E5D-902E-DA590D182E19", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF10D9A8-AC97-4864-B7E9-8209983B2489", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8A7C7B7-9956-4921-A701-032D67EE156F", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65F0F85E-3C6D-4329-BA19-3FD9119D5782", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CD0ECA3-32E2-4A01-9FA1-572FE74C80DC", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "428FCCE2-10D7-42B2-AF25-8109BAB2A6E1", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19CF4C32-368F-42B3-B1EE-C59CC12EF745", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70EB94C1-8799-453C-BB63-4EB9B905F70C", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93C83561-E721-432E-BFAF-A873C3D10BF8", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAA91D9D-9283-4150-8BCC-827CCD3CB0C9", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AFEDB33-A655-4F67-B43E-DED5FC8183D4", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B310516-87E6-453A-82E7-CDDB9F9D5E57", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3293CE1D-A278-4C80-8F1C-0894162465B6", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "140C3519-4BD2-4501-9479-D2FA3770134E", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2" }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D76A899-8EFB-4881-8201-27C2E2B43829", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1" }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E703372-E37E-4DD8-8C6A-EE6EC4EFC900", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "117DFD13-51F9-46E8-B000-3364B7ED8364", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0" }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BCE1FEC-7D71-4AA8-A6FD-AFA05D94F965", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0" } ], "operator": "OR" } ] } ]