CVE-2019-6642
First published: Mon Jul 01 2019(Updated: )
In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Access Policy Manager | >=11.5.2<=11.6.4 | |
| F5 Access Policy Manager | >=12.1.0<=12.1.4.2 | |
| F5 Access Policy Manager | >=13.0.0<=13.1.1.5 | |
| F5 Access Policy Manager | >=14.0.0<=14.1.0.5 | |
| F5 Access Policy Manager | =15.0.0 | |
| F5 BIG-IP Advanced Firewall Manager | >=11.5.2<=11.6.4 | |
| F5 BIG-IP Advanced Firewall Manager | >=12.1.0<=12.1.4.2 | |
| F5 BIG-IP Advanced Firewall Manager | >=13.0.0<=13.1.1.5 | |
| F5 BIG-IP Advanced Firewall Manager | >=14.0.0<=14.1.0.5 | |
| F5 BIG-IP Advanced Firewall Manager | =15.0.0 | |
| f5 big-ip application acceleration manager | >=11.5.2<=11.6.4 | |
| f5 big-ip application acceleration manager | >=12.1.0<=12.1.4.2 | |
| f5 big-ip application acceleration manager | >=13.0.0<=13.1.1.5 | |
| f5 big-ip application acceleration manager | >=14.0.0<=14.1.0.5 | |
| f5 big-ip application acceleration manager | =15.0.0 | |
| F5 BIG-IP | >=11.5.2<=11.6.4 | |
| F5 BIG-IP | >=12.1.0<=12.1.4.2 | |
| F5 BIG-IP | >=13.0.0<=13.1.1.5 | |
| F5 BIG-IP | >=14.0.0<=14.1.0.5 | |
| F5 BIG-IP | =15.0.0 | |
| F5 BIG-IP Policy Enforcement Manager | >=11.5.2<=11.6.4 | |
| F5 BIG-IP Policy Enforcement Manager | >=12.1.0<=12.1.4.2 | |
| F5 BIG-IP Policy Enforcement Manager | >=13.0.0<=13.1.1.5 | |
| F5 BIG-IP Policy Enforcement Manager | >=14.0.0<=14.1.0.5 | |
| F5 BIG-IP Policy Enforcement Manager | =15.0.0 | |
| F5 BIG-IP WebAccelerator | >=11.5.2<=11.6.4 | |
| F5 BIG-IP WebAccelerator | >=12.1.0<=12.1.4.2 | |
| F5 BIG-IP WebAccelerator | >=13.0.0<=13.1.1.5 | |
| F5 BIG-IP WebAccelerator | >=14.0.0<=14.1.0.5 | |
| F5 BIG-IP WebAccelerator | =15.0.0 | |
| F5 Application Security Manager | >=11.5.2<=11.6.4 | |
| F5 Application Security Manager | >=12.1.0<=12.1.4.2 | |
| F5 Application Security Manager | >=13.0.0<=13.1.1.5 | |
| F5 Application Security Manager | >=14.0.0<=14.1.0.5 | |
| F5 Application Security Manager | =15.0.0 | |
| F5 BIG-IP Local Traffic Manager | >=11.5.2<=11.6.4 | |
| F5 BIG-IP Local Traffic Manager | >=12.1.0<=12.1.4.2 | |
| F5 BIG-IP Local Traffic Manager | >=13.0.0<=13.1.1.5 | |
| F5 BIG-IP Local Traffic Manager | >=14.0.0<=14.1.0.5 | |
| F5 BIG-IP Local Traffic Manager | =15.0.0 | |
| F5 BIG-IP fraud protection services | >=11.5.2<=11.6.4 | |
| F5 BIG-IP fraud protection services | >=12.1.0<=12.1.4.2 | |
| F5 BIG-IP fraud protection services | >=13.0.0<=13.1.1.5 | |
| F5 BIG-IP fraud protection services | >=14.0.0<=14.1.0.5 | |
| F5 BIG-IP fraud protection services | =15.0.0 | |
| F5 BIG-IP Global Traffic Manager | >=11.5.2<=11.6.4 | |
| F5 BIG-IP Global Traffic Manager | >=12.1.0<=12.1.4.2 | |
| F5 BIG-IP Global Traffic Manager | >=13.0.0<=13.1.1.5 | |
| F5 BIG-IP Global Traffic Manager | >=14.0.0<=14.1.0.5 | |
| F5 BIG-IP Global Traffic Manager | =15.0.0 | |
| F5 BIG-IP Analytics | >=11.5.2<=11.6.4 | |
| F5 BIG-IP Analytics | >=12.1.0<=12.1.4.2 | |
| F5 BIG-IP Analytics | >=13.0.0<=13.1.1.5 | |
| F5 BIG-IP Analytics | >=14.0.0<=14.1.0.5 | |
| F5 BIG-IP Analytics | =15.0.0 | |
| F5 BIG-IP Edge Gateway | >=11.5.2<=11.6.4 | |
| F5 BIG-IP Edge Gateway | >=12.1.0<=12.1.4.2 | |
| F5 BIG-IP Edge Gateway | >=13.0.0<=13.1.1.5 | |
| F5 BIG-IP Edge Gateway | >=14.0.0<=14.1.0.5 | |
| F5 BIG-IP Edge Gateway | =15.0.0 | |
| f5 big-ip domain name system | >=11.5.2<=11.6.4 | |
| f5 big-ip domain name system | >=12.1.0<=12.1.4.2 | |
| f5 big-ip domain name system | >=13.0.0<=13.1.1.5 | |
| f5 big-ip domain name system | >=14.0.0<=14.1.0.5 | |
| f5 big-ip domain name system | =15.0.0 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=5.1.0<=5.4.0 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=6.0.0<=6.1.0 | |
| F5 Enterprise Manager | =3.1.1 | |
| F5 iWorkflow | =2.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-6642?
CVE-2019-6642 is rated as a critical vulnerability due to its potential for privilege escalation.
How can I fix CVE-2019-6642?
To fix CVE-2019-6642, update your F5 BIG-IP software to a version that addresses this vulnerability, such as versions after 15.0.0 or 14.1.0.5.
What products are affected by CVE-2019-6642?
CVE-2019-6642 affects various F5 BIG-IP products including Access Policy Manager, Application Security Manager, and more across multiple versions.
What exploits are associated with CVE-2019-6642?
CVE-2019-6642 can be exploited by authenticated users with file upload capabilities to gain unauthorized root access.
Is there a workaround for CVE-2019-6642?
Currently, there are no effective workarounds for CVE-2019-6642; updating the software is the recommended solution.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/description
- agent/last-modified-date
- agent/author
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/f5 access policy manager
- version/f5 access policy manager/11.5.2
- version/f5 access policy manager/11.6.4
- version/f5 access policy manager/12.1.0
- version/f5 access policy manager/12.1.4.2
- version/f5 access policy manager/13.0.0
- version/f5 access policy manager/13.1.1.5
- version/f5 access policy manager/14.0.0
- version/f5 access policy manager/14.1.0.5
- version/f5 access policy manager/15.0.0
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/11.5.2
- version/f5 big-ip advanced firewall manager/11.6.4
- version/f5 big-ip advanced firewall manager/12.1.0
- version/f5 big-ip advanced firewall manager/12.1.4.2
- version/f5 big-ip advanced firewall manager/13.0.0
- version/f5 big-ip advanced firewall manager/13.1.1.5
- version/f5 big-ip advanced firewall manager/14.0.0
- version/f5 big-ip advanced firewall manager/14.1.0.5
- version/f5 big-ip advanced firewall manager/15.0.0
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/11.5.2
- version/f5 big-ip application acceleration manager/11.6.4
- version/f5 big-ip application acceleration manager/12.1.0
- version/f5 big-ip application acceleration manager/12.1.4.2
- version/f5 big-ip application acceleration manager/13.0.0
- version/f5 big-ip application acceleration manager/13.1.1.5
- version/f5 big-ip application acceleration manager/14.0.0
- version/f5 big-ip application acceleration manager/14.1.0.5
- version/f5 big-ip application acceleration manager/15.0.0
- canonical/f5 big-ip
- version/f5 big-ip/11.5.2
- version/f5 big-ip/11.6.4
- version/f5 big-ip/12.1.0
- version/f5 big-ip/12.1.4.2
- version/f5 big-ip/13.0.0
- version/f5 big-ip/13.1.1.5
- version/f5 big-ip/14.0.0
- version/f5 big-ip/14.1.0.5
- version/f5 big-ip/15.0.0
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/11.5.2
- version/f5 big-ip policy enforcement manager/11.6.4
- version/f5 big-ip policy enforcement manager/12.1.0
- version/f5 big-ip policy enforcement manager/12.1.4.2
- version/f5 big-ip policy enforcement manager/13.0.0
- version/f5 big-ip policy enforcement manager/13.1.1.5
- version/f5 big-ip policy enforcement manager/14.0.0
- version/f5 big-ip policy enforcement manager/14.1.0.5
- version/f5 big-ip policy enforcement manager/15.0.0
- canonical/f5 big-ip webaccelerator
- version/f5 big-ip webaccelerator/11.5.2
- version/f5 big-ip webaccelerator/11.6.4
- version/f5 big-ip webaccelerator/12.1.0
- version/f5 big-ip webaccelerator/12.1.4.2
- version/f5 big-ip webaccelerator/13.0.0
- version/f5 big-ip webaccelerator/13.1.1.5
- version/f5 big-ip webaccelerator/14.0.0
- version/f5 big-ip webaccelerator/14.1.0.5
- version/f5 big-ip webaccelerator/15.0.0
- canonical/f5 application security manager
- version/f5 application security manager/11.5.2
- version/f5 application security manager/11.6.4
- version/f5 application security manager/12.1.0
- version/f5 application security manager/12.1.4.2
- version/f5 application security manager/13.0.0
- version/f5 application security manager/13.1.1.5
- version/f5 application security manager/14.0.0
- version/f5 application security manager/14.1.0.5
- version/f5 application security manager/15.0.0
- canonical/f5 big-ip local traffic manager
- version/f5 big-ip local traffic manager/11.5.2
- version/f5 big-ip local traffic manager/11.6.4
- version/f5 big-ip local traffic manager/12.1.0
- version/f5 big-ip local traffic manager/12.1.4.2
- version/f5 big-ip local traffic manager/13.0.0
- version/f5 big-ip local traffic manager/13.1.1.5
- version/f5 big-ip local traffic manager/14.0.0
- version/f5 big-ip local traffic manager/14.1.0.5
- version/f5 big-ip local traffic manager/15.0.0
- canonical/f5 big-ip fraud protection services
- version/f5 big-ip fraud protection services/11.5.2
- version/f5 big-ip fraud protection services/11.6.4
- version/f5 big-ip fraud protection services/12.1.0
- version/f5 big-ip fraud protection services/12.1.4.2
- version/f5 big-ip fraud protection services/13.0.0
- version/f5 big-ip fraud protection services/13.1.1.5
- version/f5 big-ip fraud protection services/14.0.0
- version/f5 big-ip fraud protection services/14.1.0.5
- version/f5 big-ip fraud protection services/15.0.0
- canonical/f5 big-ip global traffic manager
- version/f5 big-ip global traffic manager/11.5.2
- version/f5 big-ip global traffic manager/11.6.4
- version/f5 big-ip global traffic manager/12.1.0
- version/f5 big-ip global traffic manager/12.1.4.2
- version/f5 big-ip global traffic manager/13.0.0
- version/f5 big-ip global traffic manager/13.1.1.5
- version/f5 big-ip global traffic manager/14.0.0
- version/f5 big-ip global traffic manager/14.1.0.5
- version/f5 big-ip global traffic manager/15.0.0
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/11.5.2
- version/f5 big-ip analytics/11.6.4
- version/f5 big-ip analytics/12.1.0
- version/f5 big-ip analytics/12.1.4.2
- version/f5 big-ip analytics/13.0.0
- version/f5 big-ip analytics/13.1.1.5
- version/f5 big-ip analytics/14.0.0
- version/f5 big-ip analytics/14.1.0.5
- version/f5 big-ip analytics/15.0.0
- canonical/f5 big-ip edge gateway
- version/f5 big-ip edge gateway/11.5.2
- version/f5 big-ip edge gateway/11.6.4
- version/f5 big-ip edge gateway/12.1.0
- version/f5 big-ip edge gateway/12.1.4.2
- version/f5 big-ip edge gateway/13.0.0
- version/f5 big-ip edge gateway/13.1.1.5
- version/f5 big-ip edge gateway/14.0.0
- version/f5 big-ip edge gateway/14.1.0.5
- version/f5 big-ip edge gateway/15.0.0
- canonical/f5 big-ip domain name system
- version/f5 big-ip domain name system/11.5.2
- version/f5 big-ip domain name system/11.6.4
- version/f5 big-ip domain name system/12.1.0
- version/f5 big-ip domain name system/12.1.4.2
- version/f5 big-ip domain name system/13.0.0
- version/f5 big-ip domain name system/13.1.1.5
- version/f5 big-ip domain name system/14.0.0
- version/f5 big-ip domain name system/14.1.0.5
- version/f5 big-ip domain name system/15.0.0
- canonical/f5 big-ip and big-iq centralized management
- version/f5 big-ip and big-iq centralized management/5.1.0
- version/f5 big-ip and big-iq centralized management/5.4.0
- version/f5 big-ip and big-iq centralized management/6.0.0
- version/f5 big-ip and big-iq centralized management/6.1.0
- canonical/f5 enterprise manager
- version/f5 enterprise manager/3.1.1
- canonical/f5 iworkflow
- version/f5 iworkflow/2.3.0