PT-2019-18224 · F5 · F5 BIG-IQ +3

Published: 2019-07-01 · Updated: 2023-02-03 · CVE-2019-6642

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

F5 BIG-IP versions 11.5.2 through 11.6.4
F5 BIG-IP versions 12.1.0 through 12.1.4.2
F5 BIG-IP versions 13.0.0 through 13.1.1.5
F5 BIG-IP versions 14.0.0 through 14.1.0.5
F5 BIG-IP version 15.0.0
F5 BIG-IQ versions 5.1.0 through 5.4.0
F5 BIG-IQ versions 6.0.0 through 6.1.0
F5 iWorkflow version 2.3.0
F5 Enterprise Manager version 3.1.1
Description

An authenticated user who has file upload capabilities (for example via scp) can escalate privileges and obtain a root shell from within the TMOS Shell (tmsh) interface. The weakness lies in tmsh allowing users to launch secondary programs, such as sftp or scp, from inside the restricted shell.
Recommendations

F5 BIG-IP versions 11.5.2 through 11.6.4: restrict access to the tmsh interface until a patch is available.
F5 BIG-IP versions 12.1.0 through 12.1.4.2: consider disabling the scp upload functionality to minimize the risk of exploitation.
F5 BIG-IP versions 13.0.0 through 13.1.1.5: avoid using the tmsh interface for executing secondary programs via sftp or scp until the issue is resolved.
F5 BIG-IP versions 14.0.0 through 14.1.0.5: limit user privileges to prevent escalation.
F5 BIG-IP version 15.0.0: restrict access to the tmsh interface until a patch is available.
F5 BIG-IQ versions 5.1.0 through 5.4.0: consider disabling the scp upload functionality to minimize the risk of exploitation.
F5 BIG-IQ versions 6.0.0 through 6.1.0: avoid using the tmsh interface for executing secondary programs via sftp or scp until the issue is resolved.
F5 iWorkflow version 2.3.0: restrict access to the tmsh interface until a patch is available.
F5 Enterprise Manager version 3.1.1: limit user privileges to prevent escalation.

Fix

Related Identifiers

CVE-2019-6642

Affected Products

F5 BIG-IP
F5 BIG-IQ
F5 Enterprise Manager
F5 iWorkflow