CVE-2019-6642

high-risk

Published 2019-07-01

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.

Do I need to act?

0.61% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Big-Ip Access Policy Manager

Big-Ip Advanced Firewall Manager

Big-Ip Application Acceleration Manager

Big-Ip Link Controller

Big-Ip Policy Enforcement Manager

Big-Ip Webaccelerator

Big-Ip Application Security Manager

Big-Ip Local Traffic Manager

Big-Ip Fraud Protection Service

Big-Ip Global Traffic Manager

Affected Vendors

References (4)

Vendor Advisory https://support.f5.com/csp/article/K40378764

https://support.f5.com/csp/article/K40378764?utm_source=f5support&amp%3Butm_medi...

Vendor Advisory https://support.f5.com/csp/article/K40378764

https://support.f5.com/csp/article/K40378764?utm_source=f5support&amp%3Butm_medi...

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 2/34 · Minimal

Exposure 22/34 · High