Description
In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.
References (2)
Core References
Vendor Advisory (x_refsource_confirm): https://support.f5.com/csp/article/K40378764
Vendor Advisory (x_refsource_confirm): https://support.f5.com/csp/article/K40378764?utm_source=f5support&%3Butm_medium=RSS
Scores
CVSS v3: 8.8
EPSS: 0.0061
EPSS Percentile: 69.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status: published
Products (29)
f5/big-ip_access_policy_manager: 15.0.0
f5/big-ip_access_policy_manager: 11.5.2 - 11.6.4
f5/big-ip_advanced_firewall_manager: 15.0.0
f5/big-ip_advanced_firewall_manager: 11.5.2 - 11.6.4
f5/big-ip_analytics: 15.0.0
f5/big-ip_analytics: 11.5.2 - 11.6.4
f5/big-ip_application_acceleration_manager: 15.0.0
f5/big-ip_application_acceleration_manager: 11.5.2 - 11.6.4
f5/big-ip_application_security_manager: 15.0.0
f5/big-ip_application_security_manager: 11.5.2 - 11.6.4
... and 19 more
Published: Jul 01, 2019
Tracked Since: Feb 18, 2026