| Title | 複数の F5 Networks 製品における認可・権限・アクセス制御に関する脆弱性 |
|---|---|
| Summary | 複数の F5 Networks 製品には、認可・権限・アクセス制御に関する脆弱性が存在します。 |
| Possible impacts | 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | June 28, 2019, midnight |
| Registration Date | July 9, 2019, 5:41 p.m. |
| Last Update | July 9, 2019, 5:41 p.m. |
| CVSS3.0 : 重要 | |
| Score | 8.8 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVSS2.0 : 危険 | |
| Score | 9 |
|---|---|
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| F5 Networks |
| BIG-IP Access Policy Manager (APM) |
| BIG-IP Advanced Firewall Manager (AFM) |
| BIG-IP Application Acceleration Manager (AAM) |
| BIG-IP Application Security Manager (ASM) |
| BIG-IP Fraud Protection Service (FPS) |
| BIG-IP Global Traffic Manager (GTM) |
| BIG-IP Link Controller |
| BIG-IP Local Traffic Manager (LTM) |
| BIG-IP Policy Enforcement Manager (PEM) |
| BIG-IP WebAccelerator |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2019年07月09日] 掲載 |
July 9, 2019, 5:41 p.m. |
| Summary | In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp. |
|---|---|
| Publication Date | July 2, 2019, 6:15 a.m. |
| Registration Date | Jan. 26, 2021, 11:43 a.m. |
| Last Update | Nov. 21, 2024, 1:46 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| Configuration13 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* | 11.5.2 | 11.6.4 | |||
| cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* | 12.1.0 | 12.1.4.2 | |||
| cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* | 13.0.0 | 13.1.1.5 | |||
| cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* | 14.0.0 | 14.1.0.5 | |||
| Configuration14 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* | 5.1.0 | 5.4.0 | |||
| cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* | 6.0.0 | 6.1.0 | |||
| Configuration15 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:* | |||||