In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.
Attack Vector Network
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:N/AC:L/Au:S/C:C/I:C/A:C
Vendors | Products |
---|---|
F5 |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
Configuration 14 [-]
|
Configuration 15 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: f5
Published: 2019-07-01T20:21:01
Updated: 2019-10-09T19:06:40
Reserved: 2019-01-22T00:00:00
Link: CVE-2019-6642
JSON object: View
NVD Information
Status : Modified
Published: 2019-07-01T21:15:11.153
Modified: 2023-11-07T03:13:13.400
Link: CVE-2019-6642
JSON object: View
Redhat Information
No data.
CWE