← Back

CVE-2019-6601

nvd nist
Published: Mar 13, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts.

Affected (4)

F5
1 product
Big Ip Application Acceleration Manager
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Application Acceleration Manager
From 11.2.1 to 11.5.8
Big Ip Application Acceleration Manager
From 11.6.1 to 11.6.3
Big Ip Application Acceleration Manager
From 12.1.0 to 12.1.3
Big Ip Application Acceleration Manager
Version 13.0.0

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

Source: f5sirt@f5.com
Broken LinkThird Party AdvisoryVDB Entry
Source: f5sirt@f5.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.