Details of VAR-201912-0096

ID

VAR-201912-0096

CVE

CVE-2019-6679

TITLE

BIG-IP Link interpretation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013583

DESCRIPTION

On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted. BIG-IP Contains a link interpretation vulnerability.Information may be tampered with. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0.2 to 14.1.2.2, 14.0.0.5 to 14.0.1, 13.1.1.5 to 13.1.3.1 , 12.1.4.1 to 12.1.5, 11.6.4 to 11.6.5, 11.5.9 to 11.5.10

Trust: 1.71

sources: NVD: CVE-2019-6679 // JVNDB: JVNDB-2019-013583 // VULHUB: VHN-158114

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	11.5.10	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.0.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.2	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.3.1	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.1.2	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	15.0.1	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.0.1	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.1.0.5	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.1.2.1	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.3	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	15.0.0	Trust: 0.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.1.0.2	Trust: 0.6

sources: JVNDB: JVNDB-2019-013583 // CNNVD: CNNVD-201912-1004 // NVD: CVE-2019-6679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6679
value:	LOW
Trust: 1.0
NVD:	CVE-2019-6679
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201912-1004
value:	LOW
Trust: 0.6
VULHUB:	VHN-158114
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-6679
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158114
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6679
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6679
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-158114 // JVNDB: JVNDB-2019-013583 // CNNVD: CNNVD-201912-1004 // NVD: CVE-2019-6679

PROBLEMTYPE DATA

problemtype:

CWE-59

Trust: 1.9

sources: VULHUB: VHN-158114 // JVNDB: JVNDB-2019-013583 // NVD: CVE-2019-6679

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-1004

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-201912-1004

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013583

PATCH

title:	K54336216	url:	https://support.f5.com/csp/article/K54336216	Trust: 0.8
title:	F5 BIG-IP Post-link vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106397	Trust: 0.6

sources: JVNDB: JVNDB-2019-013583 // CNNVD: CNNVD-201912-1004

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6679	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-013583	Trust: 0.8
db:	CNNVD	id:	CNNVD-201912-1004	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4765	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4765.2	Trust: 0.6
db:	VULHUB	id:	VHN-158114	Trust: 0.1

sources: VULHUB: VHN-158114 // JVNDB: JVNDB-2019-013583 // CNNVD: CNNVD-201912-1004 // NVD: CVE-2019-6679

REFERENCES

url:	https://support.f5.com/csp/article/k54336216	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6679	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6679	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.4765.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4765/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/f5-big-ip-read-write-access-via-scp-blacklist-31224	Trust: 0.6

sources: VULHUB: VHN-158114 // JVNDB: JVNDB-2019-013583 // CNNVD: CNNVD-201912-1004 // NVD: CVE-2019-6679

SOURCES

db:	VULHUB	id:	VHN-158114
db:	JVNDB	id:	JVNDB-2019-013583
db:	CNNVD	id:	CNNVD-201912-1004
db:	NVD	id:	CVE-2019-6679

LAST UPDATE DATE

2024-11-23T22:21:23.649000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158114	date:	2020-01-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-013583	date:	2020-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201912-1004	date:	2020-02-11T00:00:00
db:	NVD	id:	CVE-2019-6679	date:	2024-11-21T04:46:56.530

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158114	date:	2019-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-013583	date:	2020-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201912-1004	date:	2019-12-23T00:00:00
db:	NVD	id:	CVE-2019-6679	date:	2019-12-23T18:15:11.160