CVE-2019-19151 vulnerability in F5 Networks Products
Published on December 23, 2019
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.
Products Associated with CVE-2019-19151
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-19151 are published in these products:
Affected Versions
F5 BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager:- Version BIG-IP 15.0.0-15.1.0 is affected.
- Version 14.0.0-14.1.2.3 is affected.
- Version 13.1.0-13.1.3.2 is affected.
- Version 12.1.0-12.1.5 is affected.
- Version 11.5.2-11.6.5.1 is affected.
- Version BIG-IQ 7.0.0 is affected.
- Version 6.0.0-6.1.0 is affected.
- Version 5.0.0-5.4.0 is affected.
- Version iWorkflow 2.3.0 is affected.
- Version Enterprise Manager 3.1.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.