CVE-2019-6618

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.5.2 through 11.5.8 F5 BIG-IP versions 11.6.1 through 11.6.3.4 F5 BIG-IP versions 12.1.0 through 12.1.4 F5 BIG-IP versions 13.0.0 through 13.1.1.4 F5 BIG-IP versions 14.0.0 through 14.1.0.1

Description The issue allows users with the Resource Administrator role to modify sensitive portions of the filesystem, such as editing /etc/passwd, if provided Advanced Shell Access. This enables modifications to user objects, which contradicts the intended restrictions for the Resource Administrator role.

Recommendations For F5 BIG-IP versions 11.5.2 through 11.5.8, restrict Advanced Shell Access for users with the Resource Administrator role to prevent unauthorized modifications to the filesystem. For F5 BIG-IP versions 11.6.1 through 11.6.3.4, restrict Advanced Shell Access for users with the Resource Administrator role to prevent unauthorized modifications to the filesystem. For F5 BIG-IP versions 12.1.0 through 12.1.4, restrict Advanced Shell Access for users with the Resource Administrator role to prevent unauthorized modifications to the filesystem. For F5 BIG-IP versions 13.0.0 through 13.1.1.4, restrict Advanced Shell Access for users with the Resource Administrator role to prevent unauthorized modifications to the filesystem. For F5 BIG-IP versions 14.0.0 through 14.1.0.1, restrict Advanced Shell Access for users with the Resource Administrator role to prevent unauthorized modifications to the filesystem.