Vulnerabilities > F5 > BIG IP Access Policy Manager > 14.0.1.1

DATE CVE VULNERABILITY TITLE RISK
2019-07-02 CVE-2019-6620 OS Command Injection vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user.
network
low complexity
f5 CWE-78
6.5
6.5
2019-07-01 CVE-2019-6642 Unspecified vulnerability in F5 products
In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface.
network
low complexity
f5
8.8
8.8
2019-06-19 CVE-2019-11478 Resource Exhaustion vulnerability in multiple products
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences.
network
low complexity
linux f5 canonical redhat pulsesecure ivanti CWE-400
7.5
7.5
2019-06-19 CVE-2019-11477 Integer Overflow or Wraparound vulnerability in multiple products
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs).
network
low complexity
linux f5 canonical redhat pulsesecure ivanti CWE-190
7.5
7.5
2019-05-03 CVE-2019-6619 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero.
network
low complexity
f5
7.5
7.5
2019-05-03 CVE-2019-6618 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users with the Resource Administrator role can modify sensitive portions of the filesystem if provided Advanced Shell Access, such as editing /etc/passwd.
network
low complexity
f5
4.0
4.0
2019-05-03 CVE-2019-6617 Improper Privilege Management vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access.
network
low complexity
f5 CWE-269
6.5
6.5
2019-05-03 CVE-2019-6616 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode.
network
low complexity
f5
7.2
7.2
2019-05-03 CVE-2019-6615 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems.
network
low complexity
f5
4.9
4.9
2019-05-03 CVE-2019-6614 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective.
network
low complexity
f5
6.5
6.5