CVE-2019-6679 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2019-6679

Analyzed

More Info Official Page

Source-f5sirt@f5.com

Published At-23 Dec, 2019 | 18:15

Updated At-02 Jan, 2020 | 20:33

On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary	2.0	3.6	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:P

CPE Matches

>>big-ip_access_policy_manager>>Versions from 11.5.9(inclusive) to 11.5.10(inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 11.6.4(inclusive) to 11.6.5.1(exclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 12.1.4.1(inclusive) to 12.1.5(inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 13.1.1.5(inclusive) to 13.1.3.2(exclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 14.0.0.5(inclusive) to 14.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 14.1.0.2(inclusive) to 14.1.2.3(exclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 15.0.0(inclusive) to 15.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 11.5.9(inclusive) to 11.5.10(inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 11.6.4(inclusive) to 11.6.5.1(exclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 12.1.4.1(inclusive) to 12.1.5(inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 13.1.1.5(inclusive) to 13.1.3.2(exclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 14.0.0.5(inclusive) to 14.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 14.1.0.2(inclusive) to 14.1.2.3(exclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 15.0.0(inclusive) to 15.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 11.5.9(inclusive) to 11.5.10(inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 11.6.4(inclusive) to 11.6.5.1(exclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 12.1.4.1(inclusive) to 12.1.5(inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 13.1.1.5(inclusive) to 13.1.3.2(exclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 14.0.0.5(inclusive) to 14.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 14.1.0.2(inclusive) to 14.1.2.3(exclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 15.0.0(inclusive) to 15.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_application_acceleration_manager>>Versions from 11.5.9(inclusive) to 11.5.10(inclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

>>big-ip_application_acceleration_manager>>Versions from 11.6.4(inclusive) to 11.6.5.1(exclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

>>big-ip_application_acceleration_manager>>Versions from 12.1.4.1(inclusive) to 12.1.5(inclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

>>big-ip_application_acceleration_manager>>Versions from 13.1.1.5(inclusive) to 13.1.3.2(exclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

>>big-ip_application_acceleration_manager>>Versions from 14.0.0.5(inclusive) to 14.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

>>big-ip_application_acceleration_manager>>Versions from 14.1.0.2(inclusive) to 14.1.2.3(exclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

>>big-ip_application_acceleration_manager>>Versions from 15.0.0(inclusive) to 15.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 11.5.9(inclusive) to 11.5.10(inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 11.6.4(inclusive) to 11.6.5.1(exclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 12.1.4.1(inclusive) to 12.1.5(inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 13.1.1.5(inclusive) to 13.1.3.2(exclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 14.0.0.5(inclusive) to 14.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 14.1.0.2(inclusive) to 14.1.2.3(exclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 15.0.0(inclusive) to 15.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 11.5.9(inclusive) to 11.5.10(inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 11.6.4(inclusive) to 11.6.5.1(exclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 12.1.4.1(inclusive) to 12.1.5(inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 13.1.1.5(inclusive) to 13.1.3.2(exclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 14.0.0.5(inclusive) to 14.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 14.1.0.2(inclusive) to 14.1.2.3(exclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 15.0.0(inclusive) to 15.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 11.5.9(inclusive) to 11.5.10(inclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 11.6.4(inclusive) to 11.6.5.1(exclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 12.1.4.1(inclusive) to 12.1.5(inclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 13.1.1.5(inclusive) to 13.1.3.2(exclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 14.0.0.5(inclusive) to 14.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 14.1.0.2(inclusive) to 14.1.2.3(exclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 15.0.0(inclusive) to 15.0.1.1(exclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_fraud_protection_service>>Versions from 11.5.9(inclusive) to 11.5.10(inclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-59	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://support.f5.com/csp/article/K54336216	f5sirt@f5.com	Vendor Advisory