CVE-2019-6601

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
f5big-ip_application_acceleration_manager
11.2.1 ≤
𝑥
≤ 11.5.8
f5big-ip_application_acceleration_manager
11.6.1 ≤
𝑥
≤ 11.6.3
f5big-ip_application_acceleration_manager
12.1.0 ≤
𝑥
≤ 12.1.3
f5big-ip_application_acceleration_manager
13.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107444
https://support.f5.com/csp/article/K25359902
http://www.securityfocus.com/bid/107444
https://support.f5.com/csp/article/K25359902