PT-2019-18261 · F5 · Big-Ip

Published 2019-12-23 · Updated 2020-01-02 · CVE-2019-6679

CVSS v2.0: 3.6 Low

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

BIG-IP versions 11.5.9 through 11.5.10
BIG-IP versions 11.6.4 through 11.6.5
BIG-IP versions 12.1.4.1 through 12.1.5
BIG-IP versions 13.1.1.5 through 13.1.3.1
BIG-IP versions 14.0.0.5 through 14.0.1
BIG-IP versions 14.1.0.2 through 14.1.2.2
BIG-IP versions 15.0.0 through 15.0.1

Description

The issue arises from improper enforcement of access controls for paths that are symlinks, as implemented by scp.whitelist and scp.blacklist. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted.

Recommendations

For BIG-IP versions 11.5.9 through 11.5.10, consider restricting SCP access until a patch is available.
For BIG-IP versions 11.6.4 through 11.6.5, consider restricting SCP access until a patch is available.
For BIG-IP versions 12.1.4.1 through 12.1.5, consider restricting SCP access until a patch is available.
For BIG-IP versions 13.1.1.5 through 13.1.3.1, consider restricting SCP access until a patch is available.
For BIG-IP versions 14.0.0.5 through 14.0.1, consider restricting SCP access until a patch is available.
For BIG-IP versions 14.1.0.2 through 14.1.2.2, consider restricting SCP access until a patch is available.
For BIG-IP versions 15.0.0 through 15.0.1, consider restricting SCP access until a patch is available.

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2019-6679

Affected Products

Big-Ip