CVE-2019-19259

Current Description

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able to access objects on the file system which would normally be disallowed by tmsh restrictions. This allows authenticated, low-privileged attackers to access objects on the file system which would not normally be allowed.

Basic Data

Published: December 23, 2019
Last Modified: December 31, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-269
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 2.1
Severity: LOW
Exploitability Score: 3.9
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | F5 | Big-iq Centralized Management | * | * | * | * | * | * | * | * | 5.0.0 | 5.4.0 | |
    2.3 | Application | F5 | Big-iq Centralized Management | * | * | * | * | * | * | * | * | 6.0.0 | 6.1.0 | |
    2.3 | Application | F5 | Big-iq Centralized Management | 7.0.0 | * | * | * | * | * | * | * | | | |
  • OR - Configuration 2
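    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | F5 | Big-ip Access Policy Manager | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Access Policy Manager | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Access Policy Manager | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Access Policy Manager | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Access Policy Manager | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Advanced Firewall Manager | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Advanced Firewall Manager | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Advanced Firewall Manager | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Advanced Firewall Manager | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Advanced Firewall Manager | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Analytics | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Analytics | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Analytics | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Analytics | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Analytics | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Application Acceleration Manager | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Application Acceleration Manager | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Application Acceleration Manager | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Application Acceleration Manager | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Application Acceleration Manager | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Application Security Manager | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Application Security Manager | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Application Security Manager | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Application Security Manager | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Application Security Manager | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Domain Name System | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Domain Name System | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Domain Name System | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Domain Name System | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Domain Name System | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Edge Gateway | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Edge Gateway | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Edge Gateway | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Edge Gateway | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Edge Gateway | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Fraud Protection Service | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Fraud Protection Service | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Fraud Protection Service | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Fraud Protection Service | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Fraud Protection Service | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Global Traffic Manager | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Global Traffic Manager | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Global Traffic Manager | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Global Traffic Manager | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Global Traffic Manager | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Link Controller | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Link Controller | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Link Controller | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Link Controller | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Link Controller | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Local Traffic Manager | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Local Traffic Manager | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Local Traffic Manager | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Local Traffic Manager | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Local Traffic Manager | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Policy Enforcement Manager | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Policy Enforcement Manager | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Policy Enforcement Manager | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Policy Enforcement Manager | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Policy Enforcement Manager | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |
    2.3 | Application | F5 | Big-ip Webaccelerator | * | * | * | * | * | * | * | * | 11.5.1 | 11.6.5 | |
    2.3 | Application | F5 | Big-ip Webaccelerator | * | * | * | * | * | * | * | * | 12.1.0 | 12.1.5 | |
    2.3 | Application | F5 | Big-ip Webaccelerator | * | * | * | * | * | * | * | * | 13.0.0 | 13.1.3 | |
    2.3 | Application | F5 | Big-ip Webaccelerator | * | * | * | * | * | * | * | * | 14.0.0 | 14.1.2 | |
    2.3 | Application | F5 | Big-ip Webaccelerator | * | * | * | * | * | * | * | * | 15.0.0 | 15.1.0 | |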
  • OR - Configuration 3
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | F5 | Enterprise Manager | 3.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F5 | Iworkflow | 2.3.0 | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
F5 | Big-ip Application Acceleration Manager | *
F5 | Big-ip Domain Name System | *
F5 | Big-ip Policy Enforcement Manager | *
F5 | Big-ip Webaccelerator | *
F5 | Big-iq Centralized Management | *, 7.0.0
F5 | Big-ip Link Controller | *
F5 | Big-ip Analytics | *
F5 | Big-ip Global Traffic Manager | *
F5 | Big-ip Access Policy Manager | *
F5 | Big-ip Local Traffic Manager | *
F5 | Iworkflow | 2.3.0
F5 | Big-ip Edge Gateway | *
F5 | Big-ip Fraud Protection Service | *
F5 | Enterprise Manager | 3.1.1
F5 | Big-ip Application Security Manager | *
F5 | Big-ip Advanced Firewall Manager | *

References

Name | Source | URL | Tags
https://support.f5.com/csp/article/K21711352 | CONFIRM | https://support.f5.com/csp/article/K21711352 | Vendor Advisory