What is the severity of CVE-2019-6614?

CVE-2019-6614 has a severity rating of high due to the potential for an authenticated attacker to exploit it.

How do I fix CVE-2019-6614?

To remediate CVE-2019-6614, it is recommended to upgrade to the latest patched version of F5 BIG-IP products.

What systems are affected by CVE-2019-6614?

CVE-2019-6614 affects F5 BIG-IP versions ranging from 12.1.0 to 14.1.0 on various modules including Access Policy Manager and Application Security Manager.

Can an attacker exploit CVE-2019-6614 without authentication?

No, an attacker must have a high privilege account to exploit the vulnerability in CVE-2019-6614.

What type of vulnerability is CVE-2019-6614 classified as?

CVE-2019-6614 is classified as an arbitrary file overwrite vulnerability.

Vulnerability/
CVE-2019-6614

medium

6.5

3/5/2019

4/8/2024

CVE-2019-6614

First published: Fri May 03 2019(Updated: )

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files.

Credit: f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 BIG-IP Access Policy Manager	>=12.1.0<12.1.4.1
F5 BIG-IP Access Policy Manager	>=13.0.0<13.1.1.5
F5 BIG-IP Access Policy Manager	>=14.0.0<14.1.0.2
F5 BIG-IP Advanced Firewall Manager	>=12.1.0<12.1.4.1
F5 BIG-IP Advanced Firewall Manager	>=13.0.0<13.1.1.5
F5 BIG-IP Advanced Firewall Manager	>=14.0.0<14.1.0.2
f5 big-ip application acceleration manager	>=12.1.0<12.1.4.1
f5 big-ip application acceleration manager	>=13.0.0<13.1.1.5
f5 big-ip application acceleration manager	>=14.0.0<14.1.0.2
f5 big-ip link controller	>=12.1.0<12.1.4.1
f5 big-ip link controller	>=13.0.0<13.1.1.5
f5 big-ip link controller	>=14.0.0<14.1.0.2
F5 BIG-IP Policy Enforcement Manager	>=12.1.0<12.1.4.1
F5 BIG-IP Policy Enforcement Manager	>=13.0.0<13.1.1.5
F5 BIG-IP Policy Enforcement Manager	>=14.0.0<14.1.0.2
F5 BIG-IP WebAccelerator	>=12.1.0<12.1.4.1
F5 BIG-IP WebAccelerator	>=13.0.0<13.1.1.5
F5 BIG-IP WebAccelerator	>=14.0.0<14.1.0.2
F5 BIG-IP Application Security Manager	>=12.1.0<12.1.4.1
F5 BIG-IP Application Security Manager	>=13.0.0<13.1.1.5
F5 BIG-IP Application Security Manager	>=14.0.0<14.1.0.2
F5 BIG-IP Local Traffic Manager	>=12.1.0<12.1.4.1
F5 BIG-IP Local Traffic Manager	>=13.0.0<13.1.1.5
F5 BIG-IP Local Traffic Manager	>=14.0.0<14.1.0.2
f5 big-ip fraud protection service	>=12.1.0<12.1.4.1
f5 big-ip fraud protection service	>=13.0.0<13.1.1.5
f5 big-ip fraud protection service	>=14.0.0<14.1.0.2
F5 BIG-IP Global Traffic Manager	>=12.1.0<12.1.4.1
F5 BIG-IP Global Traffic Manager	>=13.0.0<13.1.1.5
F5 BIG-IP Global Traffic Manager	>=14.0.0<14.1.0.2
F5 BIG-IP Analytics	>=12.1.0<12.1.4.1
F5 BIG-IP Analytics	>=13.0.0<13.1.1.5
F5 BIG-IP Analytics	>=14.0.0<14.1.0.2
F5 BIG-IP Edge Gateway	>=12.1.0<12.1.4.1
F5 BIG-IP Edge Gateway	>=13.0.0<13.1.1.5
F5 BIG-IP Edge Gateway	>=14.0.0<14.1.0.2
f5 big-ip domain name system	>=12.1.0<12.1.4.1
f5 big-ip domain name system	>=13.0.0<13.1.1.5
f5 big-ip domain name system	>=14.0.0<14.1.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-6614?
CVE-2019-6614 has a severity rating of high due to the potential for an authenticated attacker to exploit it.
How do I fix CVE-2019-6614?
To remediate CVE-2019-6614, it is recommended to upgrade to the latest patched version of F5 BIG-IP products.
What systems are affected by CVE-2019-6614?
CVE-2019-6614 affects F5 BIG-IP versions ranging from 12.1.0 to 14.1.0 on various modules including Access Policy Manager and Application Security Manager.
Can an attacker exploit CVE-2019-6614 without authentication?
No, an attacker must have a high privilege account to exploit the vulnerability in CVE-2019-6614.
What type of vulnerability is CVE-2019-6614 classified as?
CVE-2019-6614 is classified as an arbitrary file overwrite vulnerability.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/description
agent/last-modified-date
agent/author
agent/severity
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/f5
canonical/f5 big-ip access policy manager
version/f5 big-ip access policy manager/12.1.0
version/f5 big-ip access policy manager/13.0.0
version/f5 big-ip access policy manager/14.0.0
canonical/f5 big-ip advanced firewall manager
version/f5 big-ip advanced firewall manager/12.1.0
version/f5 big-ip advanced firewall manager/13.0.0
version/f5 big-ip advanced firewall manager/14.0.0
canonical/f5 big-ip application acceleration manager
version/f5 big-ip application acceleration manager/12.1.0
version/f5 big-ip application acceleration manager/13.0.0
version/f5 big-ip application acceleration manager/14.0.0
canonical/f5 big-ip link controller
version/f5 big-ip link controller/12.1.0
version/f5 big-ip link controller/13.0.0
version/f5 big-ip link controller/14.0.0
canonical/f5 big-ip policy enforcement manager
version/f5 big-ip policy enforcement manager/12.1.0
version/f5 big-ip policy enforcement manager/13.0.0
version/f5 big-ip policy enforcement manager/14.0.0
canonical/f5 big-ip webaccelerator
version/f5 big-ip webaccelerator/12.1.0
version/f5 big-ip webaccelerator/13.0.0
version/f5 big-ip webaccelerator/14.0.0
canonical/f5 big-ip application security manager
version/f5 big-ip application security manager/12.1.0
version/f5 big-ip application security manager/13.0.0
version/f5 big-ip application security manager/14.0.0
canonical/f5 big-ip local traffic manager
version/f5 big-ip local traffic manager/12.1.0
version/f5 big-ip local traffic manager/13.0.0
version/f5 big-ip local traffic manager/14.0.0
canonical/f5 big-ip fraud protection service
version/f5 big-ip fraud protection service/12.1.0
version/f5 big-ip fraud protection service/13.0.0
version/f5 big-ip fraud protection service/14.0.0
canonical/f5 big-ip global traffic manager
version/f5 big-ip global traffic manager/12.1.0
version/f5 big-ip global traffic manager/13.0.0
version/f5 big-ip global traffic manager/14.0.0
canonical/f5 big-ip analytics
version/f5 big-ip analytics/12.1.0
version/f5 big-ip analytics/13.0.0
version/f5 big-ip analytics/14.0.0
canonical/f5 big-ip edge gateway
version/f5 big-ip edge gateway/12.1.0
version/f5 big-ip edge gateway/13.0.0
version/f5 big-ip edge gateway/14.0.0
canonical/f5 big-ip domain name system
version/f5 big-ip domain name system/12.1.0
version/f5 big-ip domain name system/13.0.0
version/f5 big-ip domain name system/14.0.0

CVE-2019-6614

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-6614?

How do I fix CVE-2019-6614?

What systems are affected by CVE-2019-6614?

Can an attacker exploit CVE-2019-6614 without authentication?

What type of vulnerability is CVE-2019-6614 classified as?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-6614?

How do I fix CVE-2019-6614?

What systems are affected by CVE-2019-6614?

Can an attacker exploit CVE-2019-6614 without authentication?

What type of vulnerability is CVE-2019-6614 classified as?