Vulnerabilities > CVE-2019-6646 - Unspecified vulnerability in F5 products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.
Vulnerable Configurations
Nessus
| NASL family | F5 Networks Local Security Checks |
| NASL id | F5_BIGIP_SOL53990093.NASL |
| description | REST users with guest privileges may beable to escalate their privilegesand run commands with admin privileges. (CVE-2019-6646) Impact Users with guest privileges are able to exploit this vulnerability to escalate their access privileges. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 127499 |
| published | 2019-08-12 |
| reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/127499 |
| title | F5 Networks BIG-IP : iControl REST vulnerability (K53990093) |