CVE-2019-6685
HIGH WAF: Low
CVSS 7.8
Published: 2019-12-23
CWE-269
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_access_policy_manager | 11.5.2 - 11.6.5 |
| f5 | big-ip_access_policy_manager | 12.1.0 - 12.1.5 |
| f5 | big-ip_access_policy_manager | 13.1.0 - 13.1.3.2 |
| f5 | big-ip_access_policy_manager | 14.0.0 - 14.0.1.1 |
| f5 | big-ip_access_policy_manager | 14.1.0 - 14.1.2.3 |
| f5 | big-ip_access_policy_manager | 15.0.0 - 15.1.0 |
| f5 | big-ip_advanced_firewall_manager | 11.5.2 - 11.6.5 |
| f5 | big-ip_advanced_firewall_manager | 12.1.0 - 12.1.5 |
| f5 | big-ip_advanced_firewall_manager | 13.1.0 - 13.1.3.2 |
| f5 | big-ip_advanced_firewall_manager | 14.0.0 - 14.0.1.1 |
References
- support.f5.com (Vendor Advisory)