Application Acceleration Manager Vulnerability in F5 BIG-IP
CVE-2019-6601

5.5MEDIUM

Key Information:

Vendor: F5
Status: Big-ip (aam)
Vendor: CVE Published:; 11 March 2019

Summary

The Application Acceleration Manager (AAM) in F5 BIG-IP versions 13.0.0, 12.1.0 to 12.1.3.7, and 11.6.1 to 11.6.3.2 contains a flaw in the wamd process that fails to adequately drop group permissions when executing helper scripts during the processing of images and PDFs. This oversight could allow an attacker to exploit the process to execute unintended actions or commands, potentially compromising the integrity of affected systems.

Affected Version(s)

BIG-IP (AAM) 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8

References

https://support.f5.com/csp/article/K25359902

x_refsource_CONFIRM

http://www.securityfocus.com/bid/107444

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2019
Vulnerability Reserved
Jan 22, 2019