CVE-2019-6635 - Unspecified vulnerability in F5 products
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | HIGH |
Confidentiality impact | NONE |
Integrity impact | HIGH |
Availability impact | NONE |
Summary
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions.
Nessus
NASL family | F5 Networks Local Security Checks |
NASL id | F5_BIGIP_SOL11330536.NASL |
description | When the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions. (CVE-2019-6635) Impact: BIG-IP: This vulnerability allows local attackers with high-level privileges to overwrite arbitrary files. This behavior is possible only when the BIG-IP system runs in Appliance mode on any of the hardware platforms, and the user account is configured with Administrator or Resource Administrator role. Resource Administrator roles must have TMOS Shell (tmsh) access to perform the attack. Appliance mode is a licensed feature. This vulnerability does not affect the virtual platforms. Enterprise Manager / BIG-IQ / F5 iWorkflow / Traffix SDC: There is no impact; F5 products are not affected by this vulnerability. |
last seen | 2020-03-17 |
modified | 2019-07-02 |
plugin id | 126396 |
published | 2019-07-02 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/126396 |
title | F5 Networks BIG-IP : BIG-IP Appliance mode vulnerability (K11330536) |
References
- http://www.securityfocus.com/bid/109098
- https://support.f5.com/csp/article/K11330536
- https://support.f5.com/csp/article/K11330536?utm_source=f5support&%3Butm_medium=RSS