CVE-2019-19151
CVE-2019-19151
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
23 dez 2019Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.
Produtos afetados
F5 · BIG-IP, BIG-IQ, iWorkflow, Enterprise ManagerQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://support.f5.com/csp/article/K21711352