Information disclosure

2019-12-2319:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.

CPENameOperatorVersion
big-ip_access_policy_managerge11.5.1
big-ip_access_policy_managerle11.6.5
big-ip_access_policy_managerge12.1.0
big-ip_access_policy_managerle12.1.5
big-ip_access_policy_managerge13.0.0
big-ip_access_policy_managerle13.1.3
big-ip_access_policy_managerge14.0.0
big-ip_access_policy_managerle14.1.2
big-ip_access_policy_managerge15.0.0
big-ip_access_policy_managerle15.1.0

Name	Operator	Version
big-ip_access_policy_manager	ge	11.5.1
big-ip_access_policy_manager	le	11.6.5
big-ip_access_policy_manager	ge	12.1.0
big-ip_access_policy_manager	le	12.1.5
big-ip_access_policy_manager	ge	13.0.0
big-ip_access_policy_manager	le	13.1.3
big-ip_access_policy_manager	ge	14.0.0
big-ip_access_policy_manager	le	14.1.2
big-ip_access_policy_manager	ge	15.0.0
big-ip_access_policy_manager	le	15.1.0