Back to search
CVE-2019-6679
Published: Dec 23, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted.
| Vendor | Product | Versions |
|---|---|---|
F5 | BIG-IP | affected 15.0.0-15.0.1affected 14.1.0.2-14.1.2.2affected 14.0.0.5-14.0.1affected 13.1.1.5-13.1.3.1affected 12.1.4.1-12.1.5+2 more versions |
References
https://support.f5.com/csp/article/K54336216
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now