Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K54336216
HistoryDec 20, 2019 - 12:00 a.m.

K54336216 : SCP vulnerability CVE-2019-6679

2019-12-2000:00:00
my.f5.com
21

AI Score

3.9

Confidence

High

EPSS

0

Percentile

12.6%

JSON

Security Advisory Description

The system does not properly enforce the access controls for the scp.whitelist and scp.blacklist files when paths are symbolic links (symlinks). This allows authenticated users with Secure Copy (SCP) protocol access to overwrite certain configuration files that would otherwise be restricted. (CVE-2019-6679)

Note: F5 is working to eliminate exclusionary language in our products and documentation. For more information, refer to K34150231: Exclusionary language in F5 products and documentation.

Impact

BIG-IP
Authenticated users with access to the Secure Copy utility (
scp), which is an OpenSSH tool, but without full file systemβ€”or Advanced Shell (bash
)β€”access, can overwrite certain configuration files.
BIG-IQ / Enterprise Manager / Traffix SDC
There is no impact; these F5 products are not affected by this vulnerability.

Related

cve 1
cvelist 1
prion 1
nvd 1
nessus 1
cve
cve
CVE-2019-6679
2019-12-23 18:15:11
cvelist
cvelist
CVE-2019-6679
2019-12-23 17:06:16
prion
prion
Design/Logic Flaw
2019-12-23 18:15:00
nvd
nvd
CVE-2019-6679
2019-12-23 18:15:11
nessus
nessus
F5 Networks BIG-IP : SCP vulnerability (K54336216)
2019-12-31 00:00:00

AI Score

3.9

Confidence

High

EPSS

0

Percentile

12.6%

JSON
Related for F5:K54336216
cve1cvelist1prion1nvd1nessus1