CVE-2019-6614 - Vulnerability Details

Vendors	Products
F5	Big-ip Access Policy Manager Big-ip Advanced Firewall Manager Big-ip Analytics Big-ip Application Acceleration Manager Big-ip Application Security Manager Big-ip Domain Name System Big-ip Edge Gateway Big-ip Fraud Protection Service Big-ip Global Traffic Manager Big-ip Link Controller Big-ip Local Traffic Manager Big-ip Policy Enforcement Manager Big-ip Webaccelerator

Link	Providers
http://www.securityfocus.com/bid/108297
https://support.f5.com/csp/article/K46524395

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", "vendor": "F5", "versions": [{"status": "affected", "version": "14.0.0-14.1.0.1"}, {"status": "affected", "version": "13.0.0-13.1.1.4"}, {"status": "affected", "version": "12.1.0-12.1.4"}]}], "descriptions": [{"lang": "en", "value": "On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files."}], "problemTypes": [{"descriptions": [{"description": "Privilege Escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-13T09:06:07", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K46524395"}, {"name": "108297", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108297"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "ID": "CVE-2019-6614", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", "version": {"version_data": [{"version_value": "14.0.0-14.1.0.1"}, {"version_value": "13.0.0-13.1.1.4"}, {"version_value": "12.1.0-12.1.4"}]}}]}, "vendor_name": "F5"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K46524395", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K46524395"}, {"name": "108297", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108297"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:23:22.086Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K46524395"}, {"name": "108297", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108297"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2019-6614", "datePublished": "2019-05-03T19:09:12", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:22.086Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) (string)

vendor : F5 (string)

versions : [ »

0 : { »

status : affected (string)

version : 14.0.0-14.1.0.1 (string)

}

1 : { »

status : affected (string)

version : 13.0.0-13.1.1.4 (string)

}

2 : { »

status : affected (string)

version : 12.1.0-12.1.4 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Privilege Escalation (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-05-13T09:06:07 (string)

orgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

shortName : f5 (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.f5.com/csp/article/K46524395 (string)

}

1 : { »

name : 108297 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/108297 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : f5sirt@f5.com (string)

ID : CVE-2019-6614 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) (string)

version : { »

version_data : [ »

0 : { »

version_value : 14.0.0-14.1.0.1 (string)

}

1 : { »

version_value : 13.0.0-13.1.1.4 (string)

}

2 : { »

version_value : 12.1.0-12.1.4 (string)

}

]

}

]

}

vendor_name : F5 (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Privilege Escalation (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://support.f5.com/csp/article/K46524395 (string)

refsource : CONFIRM (string)

url : https://support.f5.com/csp/article/K46524395 (string)

}

1 : { »

name : 108297 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/108297 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T20:23:22.086Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.f5.com/csp/article/K46524395 (string)

}

1 : { »

name : 108297 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/108297 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

assignerShortName : f5 (string)

cveId : CVE-2019-6614 (string)

datePublished : 2019-05-03T19:09:12 (string)

dateReserved : 2019-01-22T00:00:00 (string)

dateUpdated : 2024-08-04T20:23:22.086Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "038A8B61-CD54-4D41-9EDC-629E33389E17", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C22F2CB-FA25-4326-9542-FED6F97262DD", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB845EA7-3928-4FBE-ADB3-74AB8AB584F6", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A60AA834-6C1E-4203-91DA-A2C8478A184F", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F602F8C-9548-47C4-A15E-FE52FDC37BFA", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE67A396-FD17-41DE-9F6B-00E760538786", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFD0FF41-761A-440D-83F8-ED779CA4F38C", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5275F08-E0D0-402D-812C-C72AE26D95BC", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0E0A944-3615-4B10-B27D-FEE228B7A4E6", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6F5072A-0347-4B4D-805A-CC4BD869CFF3", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF225E1D-75DB-4E67-93A8-727E3A6F1896", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "716B53B2-FE8E-4535-B438-BDBADEDB8ADB", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "06B52E4E-1DDE-49D0-AEE1-8A3A790BE30B", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9A5F789-854D-4C17-98FE-85EAD8000C09", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F303D34A-0155-4248-88BF-59086A3E24AC", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "E44D05AD-3C76-4EB9-B8F4-FC5837C72E48", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8AC313F-4776-482C-B8E4-E3993820DA94", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "68D79E48-7951-4ABE-AADF-0CE4975704FA", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B50AFE19-77F8-4BCC-B287-E967497DF44A", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1209416-7A72-4B4E-B493-DCB1A04A39E1", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "57BCC8CB-5CD1-48F0-9983-883BD20B44FB", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D441D2CE-C8F1-4688-903B-93F04BD1C8CE", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0915E0EA-4DBF-4D42-B533-7CB8674C5D97", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E61DD08-9CF9-457A-9120-52FA1F0ABD61", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "152970DD-B77B-49C7-A02E-FC823E0E633F", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CCC67AD-46E4-40C5-AEED-C4691C731978", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "3077533D-DCF2-47AE-B9BD-E88C5C9A8CA5", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA8B6C1C-D373-4E5D-902E-DA590D182E19", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF10D9A8-AC97-4864-B7E9-8209983B2489", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8A7C7B7-9956-4921-A701-032D67EE156F", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "428FCCE2-10D7-42B2-AF25-8109BAB2A6E1", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "19CF4C32-368F-42B3-B1EE-C59CC12EF745", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "70EB94C1-8799-453C-BB63-4EB9B905F70C", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AFEDB33-A655-4F67-B43E-DED5FC8183D4", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B310516-87E6-453A-82E7-CDDB9F9D5E57", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "3293CE1D-A278-4C80-8F1C-0894162465B6", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E703372-E37E-4DD8-8C6A-EE6EC4EFC900", "versionEndExcluding": "12.1.4.1", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "117DFD13-51F9-46E8-B000-3364B7ED8364", "versionEndExcluding": "13.1.1.5", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BCE1FEC-7D71-4AA8-A6FD-AFA05D94F965", "versionEndExcluding": "14.1.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files."}, {"lang": "es", "value": "En BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, y 12.1.0-12.1.4, m\u00e9todos internos empleados para evitar la sobrescritura arbitraria en el \"Appliance Mode\" no fueron completamente efectivos. Un atacante autenticado con un alto nivel de privilegios es capaz de saltarse las protecciones implementadas en el modo appliance para sobrescribir archivos arbitrarios del sistema."}], "id": "CVE-2019-6614", "lastModified": "2024-11-21T04:46:48.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-03T20:29:01.437", "references": [{"source": "f5sirt@f5.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108297"}, {"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K46524395"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K46524395"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 038A8B61-CD54-4D41-9EDC-629E33389E17 (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9C22F2CB-FA25-4326-9542-FED6F97262DD (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BB845EA7-3928-4FBE-ADB3-74AB8AB584F6 (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A60AA834-6C1E-4203-91DA-A2C8478A184F (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F602F8C-9548-47C4-A15E-FE52FDC37BFA (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BE67A396-FD17-41DE-9F6B-00E760538786 (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CFD0FF41-761A-440D-83F8-ED779CA4F38C (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B5275F08-E0D0-402D-812C-C72AE26D95BC (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B0E0A944-3615-4B10-B27D-FEE228B7A4E6 (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B6F5072A-0347-4B4D-805A-CC4BD869CFF3 (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DF225E1D-75DB-4E67-93A8-727E3A6F1896 (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 716B53B2-FE8E-4535-B438-BDBADEDB8ADB (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 06B52E4E-1DDE-49D0-AEE1-8A3A790BE30B (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E9A5F789-854D-4C17-98FE-85EAD8000C09 (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F303D34A-0155-4248-88BF-59086A3E24AC (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E44D05AD-3C76-4EB9-B8F4-FC5837C72E48 (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F8AC313F-4776-482C-B8E4-E3993820DA94 (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 68D79E48-7951-4ABE-AADF-0CE4975704FA (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B50AFE19-77F8-4BCC-B287-E967497DF44A (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D1209416-7A72-4B4E-B493-DCB1A04A39E1 (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 57BCC8CB-5CD1-48F0-9983-883BD20B44FB (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D441D2CE-C8F1-4688-903B-93F04BD1C8CE (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0915E0EA-4DBF-4D42-B533-7CB8674C5D97 (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9E61DD08-9CF9-457A-9120-52FA1F0ABD61 (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 152970DD-B77B-49C7-A02E-FC823E0E633F (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2CCC67AD-46E4-40C5-AEED-C4691C731978 (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3077533D-DCF2-47AE-B9BD-E88C5C9A8CA5 (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

9 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EA8B6C1C-D373-4E5D-902E-DA590D182E19 (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DF10D9A8-AC97-4864-B7E9-8209983B2489 (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C8A7C7B7-9956-4921-A701-032D67EE156F (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

10 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 428FCCE2-10D7-42B2-AF25-8109BAB2A6E1 (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 19CF4C32-368F-42B3-B1EE-C59CC12EF745 (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 70EB94C1-8799-453C-BB63-4EB9B905F70C (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

11 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7AFEDB33-A655-4F67-B43E-DED5FC8183D4 (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3B310516-87E6-453A-82E7-CDDB9F9D5E57 (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3293CE1D-A278-4C80-8F1C-0894162465B6 (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

12 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9E703372-E37E-4DD8-8C6A-EE6EC4EFC900 (string)

versionEndExcluding : 12.1.4.1 (string)

versionStartIncluding : 12.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 117DFD13-51F9-46E8-B000-3364B7ED8364 (string)

versionEndExcluding : 13.1.1.5 (string)

versionStartIncluding : 13.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8BCE1FEC-7D71-4AA8-A6FD-AFA05D94F965 (string)

versionEndExcluding : 14.1.0.2 (string)

versionStartIncluding : 14.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files. (string)

}

1 : { »

lang : es (string)

value : En BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, y 12.1.0-12.1.4, métodos internos empleados para evitar la sobrescritura arbitraria en el "Appliance Mode" no fueron completamente efectivos. Un atacante autenticado con un alto nivel de privilegios es capaz de saltarse las protecciones implementadas en el modo appliance para sobrescribir archivos arbitrarios del sistema. (string)

}

]

id : CVE-2019-6614 (string)

lastModified : 2024-11-21T04:46:48.583 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:N/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 5.2 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-05-03T20:29:01.437 (string)

references : [ »

0 : { »

source : f5sirt@f5.com (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/108297 (string)

}

1 : { »

source : f5sirt@f5.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.f5.com/csp/article/K46524395 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/108297 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.f5.com/csp/article/K46524395 (string)

}

]

sourceIdentifier : f5sirt@f5.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object