Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager by F5

    CVE-2019-19151 (GCVE-0-2019-19151)

    Vulnerability from nvd – Published: 2019-12-23 18:03 – Updated: 2024-08-05 02:09
    VLAI
    Summary
    On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K21711352 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager Affected: BIG-IP 15.0.0-15.1.0
    Affected: 14.0.0-14.1.2.3
    Affected: 13.1.0-13.1.3.2
    Affected: 12.1.0-12.1.5
    Affected: 11.5.2-11.6.5.1
    Affected: BIG-IQ 7.0.0
    Affected: 6.0.0-6.1.0
    Affected: 5.0.0-5.4.0
    Affected: iWorkflow 2.3.0
    Affected: Enterprise Manager 3.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K21711352"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIG-IP 15.0.0-15.1.0"
                },
                {
                  "status": "affected",
                  "version": "14.0.0-14.1.2.3"
                },
                {
                  "status": "affected",
                  "version": "13.1.0-13.1.3.2"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.5"
                },
                {
                  "status": "affected",
                  "version": "11.5.2-11.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "BIG-IQ 7.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0-5.4.0"
                },
                {
                  "status": "affected",
                  "version": "iWorkflow 2.3.0"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Manager 3.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-23T18:03:02.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K21711352"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2019-19151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIG-IP 15.0.0-15.1.0"
                              },
                              {
                                "version_value": "14.0.0-14.1.2.3"
                              },
                              {
                                "version_value": "13.1.0-13.1.3.2"
                              },
                              {
                                "version_value": "12.1.0-12.1.5"
                              },
                              {
                                "version_value": "11.5.2-11.6.5.1"
                              },
                              {
                                "version_value": "BIG-IQ 7.0.0"
                              },
                              {
                                "version_value": "6.0.0-6.1.0"
                              },
                              {
                                "version_value": "5.0.0-5.4.0"
                              },
                              {
                                "version_value": "iWorkflow 2.3.0"
                              },
                              {
                                "version_value": "Enterprise Manager 3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K21711352",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K21711352"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2019-19151",
        "datePublished": "2019-12-23T18:03:02.000Z",
        "dateReserved": "2019-11-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6642 (GCVE-0-2019-6642)

    Vulnerability from nvd – Published: 2019-07-01 20:21 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager Affected: BIG-IP 15.0.0
    Affected: 14.0.0-14.1.0.5
    Affected: 13.0.0-13.1.1.5
    Affected: 12.1.0-12.1.4.2
    Affected: 11.5.2-11.6.4
    Affected: BIG-IQ 6.0.0-6.1.0
    Affected: 5.1.0-5.4.0
    Affected: iWorkflow 2.3.0
    Affected: Enterprise Manager 3.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:22.538Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K40378764"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K40378764?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIG-IP 15.0.0"
                },
                {
                  "status": "affected",
                  "version": "14.0.0-14.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "13.0.0-13.1.1.5"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.4.2"
                },
                {
                  "status": "affected",
                  "version": "11.5.2-11.6.4"
                },
                {
                  "status": "affected",
                  "version": "BIG-IQ 6.0.0-6.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0-5.4.0"
                },
                {
                  "status": "affected",
                  "version": "iWorkflow 2.3.0"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Manager 3.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-09T19:06:40.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K40378764"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K40378764?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2019-6642",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIG-IP 15.0.0"
                              },
                              {
                                "version_value": "14.0.0-14.1.0.5"
                              },
                              {
                                "version_value": "13.0.0-13.1.1.5"
                              },
                              {
                                "version_value": "12.1.0-12.1.4.2"
                              },
                              {
                                "version_value": "11.5.2-11.6.4"
                              },
                              {
                                "version_value": "BIG-IQ 6.0.0-6.1.0"
                              },
                              {
                                "version_value": "5.1.0-5.4.0"
                              },
                              {
                                "version_value": "iWorkflow 2.3.0"
                              },
                              {
                                "version_value": "Enterprise Manager 3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K40378764",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K40378764"
                },
                {
                  "name": "https://support.f5.com/csp/article/K40378764?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K40378764?utm_source=f5support\u0026amp;utm_medium=RSS"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2019-6642",
        "datePublished": "2019-07-01T20:21:01.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:22.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19151 (GCVE-0-2019-19151)

    Vulnerability from cvelistv5 – Published: 2019-12-23 18:03 – Updated: 2024-08-05 02:09
    VLAI
    Summary
    On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K21711352 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager Affected: BIG-IP 15.0.0-15.1.0
    Affected: 14.0.0-14.1.2.3
    Affected: 13.1.0-13.1.3.2
    Affected: 12.1.0-12.1.5
    Affected: 11.5.2-11.6.5.1
    Affected: BIG-IQ 7.0.0
    Affected: 6.0.0-6.1.0
    Affected: 5.0.0-5.4.0
    Affected: iWorkflow 2.3.0
    Affected: Enterprise Manager 3.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K21711352"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIG-IP 15.0.0-15.1.0"
                },
                {
                  "status": "affected",
                  "version": "14.0.0-14.1.2.3"
                },
                {
                  "status": "affected",
                  "version": "13.1.0-13.1.3.2"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.5"
                },
                {
                  "status": "affected",
                  "version": "11.5.2-11.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "BIG-IQ 7.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0-5.4.0"
                },
                {
                  "status": "affected",
                  "version": "iWorkflow 2.3.0"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Manager 3.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-23T18:03:02.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K21711352"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2019-19151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIG-IP 15.0.0-15.1.0"
                              },
                              {
                                "version_value": "14.0.0-14.1.2.3"
                              },
                              {
                                "version_value": "13.1.0-13.1.3.2"
                              },
                              {
                                "version_value": "12.1.0-12.1.5"
                              },
                              {
                                "version_value": "11.5.2-11.6.5.1"
                              },
                              {
                                "version_value": "BIG-IQ 7.0.0"
                              },
                              {
                                "version_value": "6.0.0-6.1.0"
                              },
                              {
                                "version_value": "5.0.0-5.4.0"
                              },
                              {
                                "version_value": "iWorkflow 2.3.0"
                              },
                              {
                                "version_value": "Enterprise Manager 3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K21711352",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K21711352"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2019-19151",
        "datePublished": "2019-12-23T18:03:02.000Z",
        "dateReserved": "2019-11-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6642 (GCVE-0-2019-6642)

    Vulnerability from cvelistv5 – Published: 2019-07-01 20:21 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager Affected: BIG-IP 15.0.0
    Affected: 14.0.0-14.1.0.5
    Affected: 13.0.0-13.1.1.5
    Affected: 12.1.0-12.1.4.2
    Affected: 11.5.2-11.6.4
    Affected: BIG-IQ 6.0.0-6.1.0
    Affected: 5.1.0-5.4.0
    Affected: iWorkflow 2.3.0
    Affected: Enterprise Manager 3.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:22.538Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K40378764"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K40378764?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIG-IP 15.0.0"
                },
                {
                  "status": "affected",
                  "version": "14.0.0-14.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "13.0.0-13.1.1.5"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.4.2"
                },
                {
                  "status": "affected",
                  "version": "11.5.2-11.6.4"
                },
                {
                  "status": "affected",
                  "version": "BIG-IQ 6.0.0-6.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0-5.4.0"
                },
                {
                  "status": "affected",
                  "version": "iWorkflow 2.3.0"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Manager 3.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-09T19:06:40.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K40378764"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K40378764?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2019-6642",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIG-IP 15.0.0"
                              },
                              {
                                "version_value": "14.0.0-14.1.0.5"
                              },
                              {
                                "version_value": "13.0.0-13.1.1.5"
                              },
                              {
                                "version_value": "12.1.0-12.1.4.2"
                              },
                              {
                                "version_value": "11.5.2-11.6.4"
                              },
                              {
                                "version_value": "BIG-IQ 6.0.0-6.1.0"
                              },
                              {
                                "version_value": "5.1.0-5.4.0"
                              },
                              {
                                "version_value": "iWorkflow 2.3.0"
                              },
                              {
                                "version_value": "Enterprise Manager 3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K40378764",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K40378764"
                },
                {
                  "name": "https://support.f5.com/csp/article/K40378764?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K40378764?utm_source=f5support\u0026amp;utm_medium=RSS"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2019-6642",
        "datePublished": "2019-07-01T20:21:01.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:22.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }