← back
CVE-2019-19151

CVE-2019-19151

EPSS 0.3%
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.
Affected products
F5 · BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.f5.com/csp/article/K21711352