CVE-2019-6679
23.12.2019, 18:15
On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted.
Vendor | Product | Version |
---|---|---|
f5 | big-ip_access_policy_manager | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_access_policy_manager | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_access_policy_manager | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_access_policy_manager | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_access_policy_manager | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_access_policy_manager | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_access_policy_manager | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_advanced_firewall_manager | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_advanced_firewall_manager | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_advanced_firewall_manager | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_advanced_firewall_manager | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_advanced_firewall_manager | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_advanced_firewall_manager | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_advanced_firewall_manager | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_analytics | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_analytics | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_analytics | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_analytics | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_analytics | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_analytics | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_analytics | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_application_acceleration_manager | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_application_acceleration_manager | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_application_acceleration_manager | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_application_acceleration_manager | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_application_acceleration_manager | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_application_acceleration_manager | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_application_acceleration_manager | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_application_security_manager | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_application_security_manager | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_application_security_manager | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_application_security_manager | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_application_security_manager | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_application_security_manager | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_application_security_manager | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_domain_name_system | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_domain_name_system | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_domain_name_system | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_domain_name_system | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_domain_name_system | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_domain_name_system | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_domain_name_system | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_edge_gateway | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_edge_gateway | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_edge_gateway | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_edge_gateway | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_edge_gateway | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_edge_gateway | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_edge_gateway | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_fraud_protection_service | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_fraud_protection_service | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_fraud_protection_service | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_fraud_protection_service | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_fraud_protection_service | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_fraud_protection_service | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_fraud_protection_service | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_global_traffic_manager | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_global_traffic_manager | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_global_traffic_manager | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_global_traffic_manager | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_global_traffic_manager | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_global_traffic_manager | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_global_traffic_manager | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_link_controller | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_link_controller | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_link_controller | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_link_controller | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_link_controller | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_link_controller | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_link_controller | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_local_traffic_manager | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_local_traffic_manager | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_local_traffic_manager | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_local_traffic_manager | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_local_traffic_manager | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_local_traffic_manager | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_local_traffic_manager | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_policy_enforcement_manager | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_policy_enforcement_manager | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_policy_enforcement_manager | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_policy_enforcement_manager | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_policy_enforcement_manager | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_policy_enforcement_manager | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_policy_enforcement_manager | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
f5 | big-ip_webaccelerator | 11.5.9 ≤ 𝑥 ≤ 11.5.10 |
f5 | big-ip_webaccelerator | 11.6.4 ≤ 𝑥 < 11.6.5.1 |
f5 | big-ip_webaccelerator | 12.1.4.1 ≤ 𝑥 ≤ 12.1.5 |
f5 | big-ip_webaccelerator | 13.1.1.5 ≤ 𝑥 < 13.1.3.2 |
f5 | big-ip_webaccelerator | 14.0.0.5 ≤ 𝑥 < 14.0.1.1 |
f5 | big-ip_webaccelerator | 14.1.0.2 ≤ 𝑥 < 14.1.2.3 |
f5 | big-ip_webaccelerator | 15.0.0 ≤ 𝑥 < 15.0.1.1 |
𝑥
= Vulnerable software versions