On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files. (CVE-2019-6614)
Note: Appliance mode is designed to meet the needs of customers in especially sensitive sectors by limiting the BIG-IP system administrative access to match that of a typical network appliance and not a multi-user UNIX device. When a BIG-IP system is configured in Appliance mode, the Advanced Shell (bash) access to the file system is restricted. For information about Appliance mode, refer to K12815: Overview of Appliance mode.
Impact
BIG-IP
This vulnerability may allow unauthorized write privileges to system files on systems configured in Appliance mode.
BIG-IQ, F5 iWorkflow, Enterprise Manager, and Traffix SDC
There is no impact; these F5 products are not affected by this vulnerability.