CVE-2019-6601

5.5MEDIUM

Key Information:

Vendor
F5
Status
Big-ip (aam)
Vendor
CVE Published:
11 March 2019

Summary

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts.

Affected Version(s)

BIG-IP (AAM) 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8

References

https://support.f5.com/csp/article/K25359902
x_refsource_CONFIRM
http://www.securityfocus.com/bid/107444
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.