File Overwrite Vulnerability in BIG-IP by F5 Networks
CVE-2019-6616

7.2HIGH

Key Information:

Vendor: F5
Status: Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator)
Vendor: CVE Published:; 3 May 2019

Summary

The vulnerability allows administrative users with TMSH access on specific versions of F5 BIG-IP to overwrite critical system files. This could potentially lead to the circumvention of established whitelist and blacklist controls, adversely affecting the security posture of the appliance. Organizations utilizing these affected versions should assess their systems for risk and apply appropriate security measures.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) 14.0.0-14.1.0.1

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) 13.0.0-13.1.1.4

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) 12.1.0-12.1.4

References

https://support.f5.com/csp/article/K82814400

x_refsource_CONFIRM

http://www.securityfocus.com/bid/108298

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2019
Vulnerability Reserved
Jan 22, 2019