CVE-2019-6642 vulnerability in F5 Networks Products
Published on July 1, 2019
In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.
Products Associated with CVE-2019-6642
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-6642 are published in these products:
Affected Versions
F5 BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager:- Version BIG-IP 15.0.0 is affected.
- Version 14.0.0-14.1.0.5 is affected.
- Version 13.0.0-13.1.1.5 is affected.
- Version 12.1.0-12.1.4.2 is affected.
- Version 11.5.2-11.6.4 is affected.
- Version BIG-IQ 6.0.0-6.1.0 is affected.
- Version 5.1.0-5.4.0 is affected.
- Version iWorkflow 2.3.0 is affected.
- Version Enterprise Manager 3.1.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.