CVE-2019-6635 - Unspecified vulnerability in F5 products

CVSS 4.4 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
local
low complexity
f5
nessus

Summary

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions.

Vulnerable Configurations

Part | Description | Count
Application | F5 | 725

Nessus

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL11330536.NASL
description: When the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions. (CVE-2019-6635)
Impact
BIG-IP: This vulnerability allows local attackers with high-level privileges to overwrite arbitrary files. This behavior is possible only when the BIG-IP system runs in Appliance mode on any of the hardware platforms, and the user account is configured with Administrator or Resource Administrator role. Resource Administrator roles must have TMOS Shell (tmsh) access to perform the attack. Appliance mode is a licensed feature. This vulnerability does not affect the virtual platforms.
Enterprise Manager / BIG-IQ / F5 iWorkflow / Traffix SDC: There is no impact; F5 products are not affected by this vulnerability.
last seen: 2020-03-17
modified: 2019-07-02
plugin id: 126396
published: 2019-07-02
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/126396
title: F5 Networks BIG-IP : BIG-IP Appliance mode vulnerability (K11330536)