Vulnerabilities > CVE-2019-6646 - Unspecified vulnerability in F5 products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
f5
nessus

Summary

On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.

Vulnerable Configurations

Part Description Count
Application
F5
286

Nessus

NASL familyF5 Networks Local Security Checks
NASL idF5_BIGIP_SOL53990093.NASL
descriptionREST users with guest privileges may beable to escalate their privilegesand run commands with admin privileges. (CVE-2019-6646) Impact Users with guest privileges are able to exploit this vulnerability to escalate their access privileges.
last seen2020-06-01
modified2020-06-02
plugin id127499
published2019-08-12
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/127499
titleF5 Networks BIG-IP : iControl REST vulnerability (K53990093)