Search...

CVE-2019-6621

2019-07-02T21:15:00

ID CVE-2019-6621
Type cve
Reporter cve@mitre.org
Modified 2020-11-19T01:15:00

Description

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations.

JSON Vulners Source

Initial Source

{"id": "CVE-2019-6621", "bulletinFamily": "NVD", "title": "CVE-2019-6621", "description": "On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations.", "published": "2019-07-02T21:15:00", "modified": "2020-11-19T01:15:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6621", "reporter": "cve@mitre.org", "references": ["https://support.f5.com/csp/article/K20541896?utm_source=f5support&utm_medium=RSS", "https://support.f5.com/csp/article/K20541896"], "cvelist": ["CVE-2019-6621"], "type": "cve", "lastseen": "2020-12-09T21:41:56", "edition": 13, "viewCount": 135, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K20541896"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL20541896.NASL"]}], "modified": "2020-12-09T21:41:56", "rev": 2}, "score": {"value": 3.0, "vector": "NONE", "modified": "2020-12-09T21:41:56", "rev": 2}, "vulnersScore": 3.0}, "cpe": ["cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.4", "cpe:/a:f5:big-ip_application_security_manager:12.1.4", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.4", "cpe:/a:f5:big-ip_fraud_protection_service:12.1.4", "cpe:/a:f5:big-ip_domain_name_system:12.1.4", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.4", "cpe:/a:f5:big-ip_link_controller:12.1.4", "cpe:/a:f5:big-ip_webaccelerator:12.1.4", "cpe:/a:f5:big-iq_centralized_management:6.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.4", "cpe:/a:f5:big-iq_centralized_management:5.4.0", "cpe:/a:f5:big-ip_analytics:12.1.4", "cpe:/a:f5:big-ip_global_traffic_manager:11.5.9", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.4", "cpe:/a:f5:big-ip_access_policy_manager:12.1.4", "cpe:/a:f5:big-ip_edge_gateway:12.1.4"], "affectedSoftware": [{"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_webaccelerator", "name": "f5 big-ip webaccelerator", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_webaccelerator", "name": "f5 big-ip webaccelerator", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "lt", "version": "11.5.9"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_edge_gateway", "name": "f5 big-ip edge gateway", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_edge_gateway", "name": "f5 big-ip edge gateway", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_edge_gateway", "name": "f5 big-ip edge gateway", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_webaccelerator", "name": "f5 big-ip webaccelerator", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "lt", "version": "11.5.9"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "lt", "version": "11.5.9"}, {"cpeName": "f5:big-ip_webaccelerator", "name": "f5 big-ip webaccelerator", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-iq_centralized_management", "name": "f5 big-iq centralized management", "operator": "le", "version": "5.4.0"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "le", "version": "11.5.9"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "lt", "version": "11.5.9"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_webaccelerator", "name": "f5 big-ip webaccelerator", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "lt", "version": "11.5.9"}, {"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "lt", "version": "11.5.9"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-iq_centralized_management", "name": "f5 big-iq centralized management", "operator": "le", "version": "6.1.0"}, {"cpeName": "f5:big-ip_webaccelerator", "name": "f5 big-ip webaccelerator", "operator": "lt", "version": "11.5.9"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "lt", "version": "11.5.9"}, {"cpeName": "f5:big-ip_edge_gateway", "name": "f5 big-ip edge gateway", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "lt", "version": "14.1.0.6"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "lt", "version": "14.0.0.5"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "lt", "version": "11.5.9"}, {"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "lt", "version": "13.1.1.5"}, {"cpeName": "f5:big-ip_edge_gateway", "name": "f5 big-ip edge gateway", "operator": "lt", "version": "11.5.9"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_edge_gateway", "name": "f5 big-ip edge gateway", "operator": "lt", "version": "11.6.4"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "lt", "version": "11.5.9"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "le", "version": "12.1.4"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "lt", "version": "11.5.8"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "lt", "version": "14.0.0.5"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-iq_centralized_management:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-iq_centralized_management:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.4:*:*:*:*:*:*:*"], "cwe": ["CWE-78"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.9:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.9:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:11.5.9:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:11.5.9:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:11.5.9:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.9:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.9:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.9:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:11.5.9:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:5.4.0:*:*:*:*:*:*:*", "versionEndIncluding": "5.4.0", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:6.1.0:*:*:*:*:*:*:*", "versionEndIncluding": "6.1.0", "versionStartIncluding": "6.0.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:11.5.9:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.9:*:*:*:*:*:*:*", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.5.9:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.9", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.1.5:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.4:*:*:*:*:*:*:*", "versionEndExcluding": "11.6.4", "versionStartIncluding": "11.6.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.8:*:*:*:*:*:*:*", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.4:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.6:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1.0", "vulnerable": true}], "operator": "OR"}]}}

{"f5": [{"lastseen": "2020-04-06T22:40:50", "bulletinFamily": "software", "cvelist": ["CVE-2019-6621"], "description": "\nF5 Product Development has assigned ID 737574 (BIG-IP), and ID 746610 (BIG-IQ) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | None | 15.0.0 | High | [7.2](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H>) | iControl REST and \n**tmsh** utility \n14.x | 14.1.0 \n14.0.0 | 14.1.0.6 \n14.0.0.5 \n13.x | 13.0.0 - 13.1.1 | 13.1.1.5 \n12.x | 12.1.0 - 12.1.4 | 12.1.5 \n11.x | 11.6.1 - 11.6.3 \n11.5.2 - 11.5.8 | 11.6.4 \n11.5.9 \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | High | [7.2](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H>) | iControl REST \n5.x | 5.1.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-08-12T18:57:00", "published": "2019-07-02T00:47:00", "id": "F5:K20541896", "href": "https://support.f5.com/csp/article/K20541896", "title": "iControl REST and tmsh vulnerability CVE-2019-6621", "type": "f5", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-11-21T02:02:41", "description": "On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,\n12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ\n7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl\nREST worker is vulnerable to command injection by an admin/resource\nadmin user. This issue impacts both iControl REST and tmsh\nimplementations. (CVE-2019-6621)\n\nImpact\n\nBIG-IP and BIG-IQ\n\nThis vulnerability may bypass appliance mode security by allowing the\nexecution of arbitrary Advanced Shell ( bash ) commands. In\nnon-Appliance mode deployments, the Administrator and Resource\nAdministrator users already own this level of access. F5 considers\nthis vulnerability a security concern primarily for systems deployed\nin Appliance mode, though a valid attack vector exists for\nnon-appliance mode systems with users who are not already granted bash\naccess, such as a Resource Administrator, who by default is not\nexplicitly granted bash access.\n\nEnterprise Manager, F5 iWorkflow, and Traffix SDC\n\nThere is no impact; these F5 products are not affected by this\nvulnerability.", "edition": 8, "cvss3": {"score": 7.2, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-02T00:00:00", "title": "F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K20541896)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6621"], "modified": "2019-07-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL20541896.NASL", "href": "https://www.tenable.com/plugins/nessus/126399", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K20541896.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126399);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2019-6621\");\n\n script_name(english:\"F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K20541896)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,\n12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ\n7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl\nREST worker is vulnerable to command injection by an admin/resource\nadmin user. This issue impacts both iControl REST and tmsh\nimplementations. (CVE-2019-6621)\n\nImpact\n\nBIG-IP and BIG-IQ\n\nThis vulnerability may bypass appliance mode security by allowing the\nexecution of arbitrary Advanced Shell ( bash ) commands. In\nnon-Appliance mode deployments, the Administrator and Resource\nAdministrator users already own this level of access. F5 considers\nthis vulnerability a security concern primarily for systems deployed\nin Appliance mode, though a valid attack vector exists for\nnon-appliance mode systems with users who are not already granted bash\naccess, such as a Resource Administrator, who by default is not\nexplicitly granted bash access.\n\nEnterprise Manager, F5 iWorkflow, and Traffix SDC\n\nThere is no impact; these F5 products are not affected by this\nvulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K20541896\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K20541896.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K20541896\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.5.2-11.5.8\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.1.5\",\"12.1.5\",\"11.6.4\",\"11.5.9\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.5.2-11.5.8\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.1.5\",\"12.1.5\",\"11.6.4\",\"11.5.9\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.5.2-11.5.8\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.1.5\",\"12.1.5\",\"11.6.4\",\"11.5.9\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.5.2-11.5.8\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.1.5\",\"12.1.5\",\"11.6.4\",\"11.5.9\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.5.2-11.5.8\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.1.5\",\"12.1.5\",\"11.6.4\",\"11.5.9\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.5.2-11.5.8\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.1.5\",\"12.1.5\",\"11.6.4\",\"11.5.9\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.5.2-11.5.8\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.1.5\",\"12.1.5\",\"11.6.4\",\"11.5.9\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.5.2-11.5.8\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.1.5\",\"12.1.5\",\"11.6.4\",\"11.5.9\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.5.2-11.5.8\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.1.5\",\"12.1.5\",\"11.6.4\",\"11.5.9\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.6.1-11.6.3\",\"11.5.2-11.5.8\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"15.0.0\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.1.5\",\"12.1.5\",\"11.6.4\",\"11.5.9\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}