K40378764 : F5 tmsh vulnerability CVE-2019-6642

2019-06-2700:00:00

my.f5.com

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Security Advisory Description

Authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. Thetmshinterface allows users to execute a secondary program via tools likesftporscp. (CVE-2019-6642)

Impact

BIG-IP, BIG-IQ, F5 iWorkflow, and Enterprise Manager

The affected systems are incidentally protected against direct access to the Advanced Shell (bash); however, users who can upload an executable file (or script) can bypass this protection.

Traffix SDC

There is no impact for this product as it is not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-ip afmeq11.5.10
big-ip afmeq11.5.2
big-ip afmeq11.5.3

Name	Operator	Version
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-ip afm	eq	11.5.10
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3

Rows per page:

1-10 of 3111