CVE-2019-6685

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.5.2 through 11.6.5.1 F5 BIG-IP versions 12.1.0 through 12.1.5 F5 BIG-IP versions 13.1.0 through 13.1.3.1 F5 BIG-IP versions 14.0.0 through 14.0.1 F5 BIG-IP versions 14.1.0 through 14.1.2.2 F5 BIG-IP versions 15.0.0 through 15.0.1.1

Description The issue allows users with access to edit iRules to create iRules that can lead to an elevation of privilege, configuration modification, and arbitrary system command execution.

Recommendations For F5 BIG-IP versions 11.5.2 through 11.6.5.1, restrict access to edit iRules to minimize the risk of exploitation. For F5 BIG-IP versions 12.1.0 through 12.1.5, restrict access to edit iRules to minimize the risk of exploitation. For F5 BIG-IP versions 13.1.0 through 13.1.3.1, restrict access to edit iRules to minimize the risk of exploitation. For F5 BIG-IP versions 14.0.0 through 14.0.1, restrict access to edit iRules to minimize the risk of exploitation. For F5 BIG-IP versions 14.1.0 through 14.1.2.2, restrict access to edit iRules to minimize the risk of exploitation. For F5 BIG-IP versions 15.0.0 through 15.0.1.1, restrict access to edit iRules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.