CVE-2019-6616

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.5.2 through 11.5.8 F5 BIG-IP versions 11.6.1 through 11.6.3.4 F5 BIG-IP versions 12.1.0 through 12.1.4 F5 BIG-IP versions 13.0.0 through 13.1.1.4 F5 BIG-IP versions 14.0.0 through 14.1.0.1

Description Administrative users with TMSH access can overwrite critical system files on BIG-IP, resulting in the bypass of whitelist and blacklist restrictions enforced by appliance mode.

Recommendations For F5 BIG-IP versions 11.5.2 through 11.5.8, restrict TMSH access to authorized personnel to minimize the risk of exploitation. For F5 BIG-IP versions 11.6.1 through 11.6.3.4, restrict TMSH access to authorized personnel to minimize the risk of exploitation. For F5 BIG-IP versions 12.1.0 through 12.1.4, restrict TMSH access to authorized personnel to minimize the risk of exploitation. For F5 BIG-IP versions 13.0.0 through 13.1.1.4, restrict TMSH access to authorized personnel to minimize the risk of exploitation. For F5 BIG-IP versions 14.0.0 through 14.1.0.1, restrict TMSH access to authorized personnel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.