K20445457 : iControl REST vulnerability CVE-2019-6620

2019-07-0100:00:00

my.f5.com

0.002 Low

EPSS

Percentile

53.1%

JSON

Security Advisory Description

Undisclosed iControl REST worker vulnerable to command injection for an Administrator user. (CVE-2019-6620)

Impact

BIG-IP and BIG-IQ

This vulnerability may bypass Appliance mode security by allowing the execution of arbitrary bash commands. In non-Appliance mode deployments, the Administrator and Resource Administrator users already own this level of access. F5 considers this vulnerability a security concern primarily for systems deployed in Appliance mode. In addition, a valid attack vector exists for users who are not already granted Advanced Shell (bash) access, such as a Resource Administrator, who by default is not explicitly grantedbash access.

Enterprise Manager, F5 iWorkflow, and Traffix SDC

There is no impact; F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0
big-iq centralized managementeq8.0.0

Name	Operator	Version
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0
big-iq centralized management	eq	8.0.0

Rows per page:

1-10 of 2461

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for F5:K20445457