fkie_cve-2019-6679
Vulnerability from fkie_nvd
Published
2019-12-23 18:15
Modified
2024-11-21 04:46
Severity ?
Summary
On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K54336216 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K54336216 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "663CFCFC-0EF1-49EE-AD45-DF000DFED5EC",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "670B16BD-CC3D-4B8C-873D-25298518F897",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "584C15A3-A1A5-44BD-9BA9-4A6CE5F29F93",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FBD071A-8776-4CE7-ACA5-93DB05283979",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA39500B-2A8E-42F3-9807-5F6422C376D7",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "068EB013-9760-4C21-9E0B-73B6DFBB87EE",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C24A8114-31AE-47C2-9FEE-52B69585D56A",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E7EB47E-DE73-41F9-BA33-52CE4A3549CB",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CBB3A38-1B3F-4CD2-B869-1D0FB604C3D9",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38B546D8-60A0-4513-9FF3-652A57520270",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D93D8DBC-3EAF-4EA0-89A4-83931791DB1C",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B10E1E3-DBC3-40D8-B4D8-3CA0106524D2",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5ADAE8B-B9D9-4EB3-8F87-0FABED96766F",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFA9687-4655-4C45-ACE2-A957457BBD8B",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7688D8-0887-458C-ABD9-56216C6B6299",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1642883A-78A6-49DE-B2C1-E4C2BA7E3F70",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900E815B-D39D-40CF-BC98-D1024F7E4684",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D00805-06C4-4559-9D81-7E786155803C",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA5A5B1-8D01-40F1-B6DE-7BAC2C5C31D7",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75240F69-3439-4F2B-85FC-7F43290C79D9",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28054725-6775-4AEE-B686-FB690894D1C6",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "492E5BAA-81F6-4865-8CE8-CF2C6D33BD38",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55EE7D27-7F1D-4725-932A-CEC9FEFAC7B0",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898FAD54-DAA3-4236-98B5-9BCE2263BCF8",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70F7152D-78C9-47D4-92E1-06AB85673422",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CEB0FB-0E45-4F07-82EC-E3BE9E200151",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A1D681-D177-4C1C-B3E2-44E934F7D1A5",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3922DE9-3D92-484E-9BA2-1C278A6EDECE",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E1C3C0-9F6E-44D4-9B1E-432483E3D68D",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C92DEDA-0A8D-479C-8D6F-3DBA5E2B7101",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB29EAA-FFB9-43C5-B894-A2A8E5E9D569",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F727752E-E999-4C1F-BE1A-FDB9F11BC4FC",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AD478C4-8E59-4BB4-ACF8-1174FED6852A",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A15D88-2B3D-4EF3-8B8D-38C0071C8D7C",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A58BD3F-F6D7-4EB3-B108-FEAA39262B75",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8349A6-7B31-40D1-8C3E-6898CA11C2F3",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7ACD0EB-569D-45EB-AB0A-BEB505D94281",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BB9D0D-1C1C-4993-AF8D-A14BA22BE6DC",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EC8A86-408F-4FD5-AF2A-1D61A7C01A31",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF560E8-4134-43F2-8401-77D416C1062D",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF2FD7-E311-44E6-BF40-1EB4677287B3",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB0A0A1-244E-432F-8144-9770CC4AB696",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBB3F3C-CA82-49CC-826C-E725674D373E",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD3AF4FD-43CA-40CF-AB3F-EDF6BDFA9EDB",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B8C02A-9FCF-4CD6-9A5E-8DD8AC8960E9",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2C4786-D8E0-4D73-871A-DB494B11E207",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C338DA7-B2AB-4AC6-95EE-7F0B460616A4",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD7FA81-F9EC-4C1F-81F9-F1BBD68A418A",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4E7530-C750-4AE5-A98D-12F3E3819869",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD517AC2-2403-4A22-969E-5BC9300734B1",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87FA3A83-8270-4637-B2A4-567A01D11E8F",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0603B509-E865-499D-9ECB-F8428FE213D1",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2FEF7C-2F27-424C-BC22-0F6381A325AB",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CC2C14-54A3-414A-9958-B61A64E93558",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5DE659-69DD-4B6C-AD82-AB950BFE3F4D",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEEB875C-E0EC-467B-9296-861F042AED67",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "073A98B3-A218-4E7B-AB6D-BE182CB144F8",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C081E7E5-E500-4906-90E4-E954712462A8",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9A01272-340A-4AEA-A0F4-0B4355E28997",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D454BA9-BA5E-4958-9F11-909F5BDBBD45",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C2E940D-9650-473A-94B6-DE9DAD1F2CE6",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "330C4C13-4987-498A-A621-BCDF2936860E",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFE4B6E-DB23-45FB-9075-FC6B52FC18FC",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9797027-90DD-4BEB-B848-21CA56D17B00",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74A779FF-3EAC-4CBE-AAAB-888F0D7D18AE",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF7590E-20F1-4003-82C5-3A15DDC000BD",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DFB9A7-8AA7-46D1-82BF-19350D8B0AF8",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01803A47-3D67-41B5-9E50-388A0620D852",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07D7C223-6E97-4715-A022-71282B2AECE5",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6300DC5-7D1F-4098-AD61-2826252A1C63",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAA51A1-C757-47F2-8942-966775517462",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F04F412-FAA6-4BAA-A2FF-1645CE309D9D",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13F29A8A-ACDD-4660-9ED9-3983A746750A",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBF8789-F734-41CC-AEAF-6668E7265720",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "695C7557-0865-49A7-9512-7D888DA6604B",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21E31BC2-4957-42B2-BB48-3F63C37A789D",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5485F6ED-F324-4124-9116-79E70909C5F7",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4ADC86E-0454-48FA-8875-9BAF0D575250",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE8024D-5AEB-46EC-AB07-876BDEDB2941",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF48BFD-2EBD-484B-9C85-C62A909786D9",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19BC68F3-1C52-4461-B28B-8A2258C85C2D",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE69AC5-42BA-471E-B707-DC4B30B62850",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AF8A69-2271-4EF8-89DE-BB72D92033DC",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E67E0B-E542-4863-99D8-B3836ECDC04D",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3244EC-F9D8-471E-80EA-92DA927A9510",
"versionEndIncluding": "11.5.10",
"versionStartIncluding": "11.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9DA6A0-67BE-4AD9-A2E6-B46DAF4E5CAB",
"versionEndExcluding": "11.6.5.1",
"versionStartIncluding": "11.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FEB771A-D3EA-4006-8548-68564004B74D",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D0B498-B554-40C9-B36C-3F0087A93BEA",
"versionEndExcluding": "13.1.3.2",
"versionStartIncluding": "13.1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3D094F-E9D3-4ED8-99FD-C4170ED3D846",
"versionEndExcluding": "14.0.1.1",
"versionStartIncluding": "14.0.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F045B119-481F-4FA7-A4A9-0E1C52892328",
"versionEndExcluding": "14.1.2.3",
"versionStartIncluding": "14.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F6FDF3-A70E-4F37-975F-85735776B4B8",
"versionEndExcluding": "15.0.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted."
},
{
"lang": "es",
"value": "En BIG-IP versiones 15.0.0 hasta 15.0.1, 14.1.0.2 hasta 14.1.2.2, 14.0.0.5 hasta 14.0.1, 13.1.1.5 hasta 13.1.3.1, 12.1.4.1 hasta 12.1.5, 11.6.4 hasta 11.6 .5 y 11.5.9 hasta 11.5.10, los controles de acceso implementados por parte de scp.whitelist y scp.blacklist no son aplicados apropiadamente para las rutas que son enlaces simb\u00f3licos. Esto permite a usuarios autenticados con acceso SCP sobrescribir ciertos archivos de configuraci\u00f3n que de otra manera estar\u00edan restringidos."
}
],
"id": "CVE-2019-6679",
"lastModified": "2024-11-21T04:46:56.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-23T18:15:11.160",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K54336216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K54336216"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…