fkie_cve-2019-6617
Vulnerability from fkie_nvd
Published
2019-05-03 20:29
Modified
2024-11-21 04:46
Severity ?
Summary
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | http://www.securityfocus.com/bid/108186 | Broken Link, Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://github.com/mirchr/security-research/blob/master/vulnerabilities/F5/CVE-2019-6617.txt | Third Party Advisory | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K38941195 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108186 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mirchr/security-research/blob/master/vulnerabilities/F5/CVE-2019-6617.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K38941195 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "609A31A8-E106-468C-8621-FBD0075E5C2E",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "022CB73B-8575-49BC-A782-7020ECDF85A9",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "038A8B61-CD54-4D41-9EDC-629E33389E17",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C22F2CB-FA25-4326-9542-FED6F97262DD",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB845EA7-3928-4FBE-ADB3-74AB8AB584F6",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "394BD813-D7CF-41AF-9623-20EBFFC4E477",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4126BBEF-AFD8-44A2-9810-CBAFFEAA4FFA",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A60AA834-6C1E-4203-91DA-A2C8478A184F",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F602F8C-9548-47C4-A15E-FE52FDC37BFA",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE67A396-FD17-41DE-9F6B-00E760538786",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3132866D-82C6-4C16-A80B-7BBD210E8199",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "627F6B46-8D84-4B83-9606-DE77D35E8AEB",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFD0FF41-761A-440D-83F8-ED779CA4F38C",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5275F08-E0D0-402D-812C-C72AE26D95BC",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E0A944-3615-4B10-B27D-FEE228B7A4E6",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "431481E1-5C7B-4384-AA5F-00B2A6DCA9DB",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84585268-3D36-4688-B001-D184A3016708",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F5072A-0347-4B4D-805A-CC4BD869CFF3",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF225E1D-75DB-4E67-93A8-727E3A6F1896",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "716B53B2-FE8E-4535-B438-BDBADEDB8ADB",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EA47C1-757A-4034-8DFE-0B690696289B",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF730DB1-5C6B-4E49-94A8-80DABF7B215F",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06B52E4E-1DDE-49D0-AEE1-8A3A790BE30B",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9A5F789-854D-4C17-98FE-85EAD8000C09",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F303D34A-0155-4248-88BF-59086A3E24AC",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F09EDA-97C4-4788-8BA9-FB90F4E9D2DE",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DBA19AD-E323-48B5-88D1-709B61971093",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E44D05AD-3C76-4EB9-B8F4-FC5837C72E48",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8AC313F-4776-482C-B8E4-E3993820DA94",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D79E48-7951-4ABE-AADF-0CE4975704FA",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3854B662-6BF0-4FE4-AC22-9895F30EBC79",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5E1DF0-9912-4B50-B6AB-59558DE30B50",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B50AFE19-77F8-4BCC-B287-E967497DF44A",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1209416-7A72-4B4E-B493-DCB1A04A39E1",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57BCC8CB-5CD1-48F0-9983-883BD20B44FB",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40DF8C8E-064E-4EF5-888C-4EBD784785AA",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E79EAE-4E0F-43DD-84AC-6BF55AB4F83F",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D441D2CE-C8F1-4688-903B-93F04BD1C8CE",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0915E0EA-4DBF-4D42-B533-7CB8674C5D97",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E61DD08-9CF9-457A-9120-52FA1F0ABD61",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EB3F8D-55CA-48D5-9A64-F4A4A97159DE",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "173F9D19-C921-40DE-AFB8-014777A13911",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "152970DD-B77B-49C7-A02E-FC823E0E633F",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCC67AD-46E4-40C5-AEED-C4691C731978",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3077533D-DCF2-47AE-B9BD-E88C5C9A8CA5",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57606901-522F-478F-B49B-13B600DC1F95",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9507B6E2-6403-448D-B8E5-4F80FB2C5513",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8B6C1C-D373-4E5D-902E-DA590D182E19",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF10D9A8-AC97-4864-B7E9-8209983B2489",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A7C7B7-9956-4921-A701-032D67EE156F",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65F0F85E-3C6D-4329-BA19-3FD9119D5782",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD0ECA3-32E2-4A01-9FA1-572FE74C80DC",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "428FCCE2-10D7-42B2-AF25-8109BAB2A6E1",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19CF4C32-368F-42B3-B1EE-C59CC12EF745",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70EB94C1-8799-453C-BB63-4EB9B905F70C",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C83561-E721-432E-BFAF-A873C3D10BF8",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA91D9D-9283-4150-8BCC-827CCD3CB0C9",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFEDB33-A655-4F67-B43E-DED5FC8183D4",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B310516-87E6-453A-82E7-CDDB9F9D5E57",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3293CE1D-A278-4C80-8F1C-0894162465B6",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "140C3519-4BD2-4501-9479-D2FA3770134E",
"versionEndExcluding": "11.5.9",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D76A899-8EFB-4881-8201-27C2E2B43829",
"versionEndExcluding": "11.6.4",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E703372-E37E-4DD8-8C6A-EE6EC4EFC900",
"versionEndExcluding": "12.1.4.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "117DFD13-51F9-46E8-B000-3364B7ED8364",
"versionEndExcluding": "13.1.1.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCE1FEC-7D71-4AA8-A6FD-AFA05D94F965",
"versionEndExcluding": "14.1.0.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions."
},
{
"lang": "es",
"value": "En BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, y 11.5.2-11.5.8, un usuario con el rol de \" Resource Administrator\" esta capacitado para sobrescribir archivos sensibles de bajo nivel (como /etc/passwd) empleando SFTP para modificar los permisos de usuarios, sin el acceso a una Shell Avanzada. Esto es opuesto a nuestras restricciones de rol para el \"Resource Administrator\" (RA)."
}
],
"id": "CVE-2019-6617",
"lastModified": "2024-11-21T04:46:48.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-03T20:29:01.623",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108186"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/F5/CVE-2019-6617.txt"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K38941195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/F5/CVE-2019-6617.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K38941195"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.