CVE-2019-6621

Name of the Vulnerable Software and Affected Versions BIG-IP versions 11.5.2 through 11.5.8 BIG-IP versions 11.6.1 through 11.6.3.4 BIG-IP versions 12.1.0 through 12.1.4.1 BIG-IP versions 13.0.0 through 13.1.1.4 BIG-IP versions 14.0.0 through 14.0.0.4 BIG-IP versions 14.1.0 through 14.1.0.5 BIG-IQ versions 5.1.0 through 5.4.0 BIG-IQ versions 6.0.0 through 6.1.0 BIG-IQ versions 7.0.0 through 7.1.0.2

Description An undisclosed iControl REST worker in BIG-IP and BIG-IQ is vulnerable to command injection by an admin or resource admin user. This issue affects both iControl REST and tmsh implementations.

Recommendations For BIG-IP versions 11.5.2 through 11.5.8, update to a version outside of this range to resolve the issue. For BIG-IP versions 11.6.1 through 11.6.3.4, update to a version outside of this range to resolve the issue. For BIG-IP versions 12.1.0 through 12.1.4.1, update to a version outside of this range to resolve the issue. For BIG-IP versions 13.0.0 through 13.1.1.4, update to a version outside of this range to resolve the issue. For BIG-IP versions 14.0.0 through 14.0.0.4, update to a version outside of this range to resolve the issue. For BIG-IP versions 14.1.0 through 14.1.0.5, update to a version outside of this range to resolve the issue. For BIG-IQ versions 5.1.0 through 5.4.0, update to a version outside of this range to resolve the issue. For BIG-IQ versions 6.0.0 through 6.1.0, update to a version outside of this range to resolve the issue. For BIG-IQ versions 7.0.0 through 7.1.0.2, update to a version outside of this range to resolve the issue.