A vulnerability in F5 BIG-IP versions 11.5.2-14.1.0.1 allows Resource Administrators to make unauthorized changes to the filesystem.
Understanding CVE-2019-6618
This CVE identifies a privilege escalation issue in F5 BIG-IP products.
What is CVE-2019-6618?
Users with the Resource Administrator role on affected versions can manipulate critical parts of the filesystem by exploiting Advanced Shell Access.
The Impact of CVE-2019-6618
The vulnerability enables unauthorized modifications to sensitive areas, violating Resource Administrator role restrictions.
Technical Details of CVE-2019-6618
This section delves into the technical aspects of the vulnerability.
Vulnerability Description
The flaw allows Resource Administrators to edit crucial files like /etc/passwd, contrary to role limitations.
Affected Systems and Versions
Exploitation Mechanism
Users with the Resource Administrator role can exploit Advanced Shell Access to modify critical filesystem components.
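A defender can check for the precondition described above by listing accounts that hold the Resource Administrator role together with Advanced Shell access. The following is an added example, not code from F5 or from this page; it assumes the stanza layout of `tmsh list auth user` output, that the role appears as `resource-admin`, and that Advanced Shell appears as `shell bash`. The account names and sample text are constructed.

```python
import re

# Constructed sample, shaped like `tmsh list auth user` output (assumed layout).
SAMPLE_TMSH_OUTPUT = """\
auth user admin {
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell bash
}
auth user netops1 {
    partition-access {
        all-partitions {
            role resource-admin
        }
    }
    shell bash
}
auth user netops2 {
    partition-access {
        Common {
            role resource-admin
        }
    }
    shell tmsh
}
"""

# One stanza per user; the closing brace of a stanza is the only one at column 0.
USER_BLOCK = re.compile(r"^auth user (\S+) \{\n(.*?)^\}", re.M | re.S)

def parse_users(text):
    """Return {username: {"roles": set, "shell": str}} from tmsh-style stanzas."""
    users = {}
    for name, body in USER_BLOCK.findall(text):
        roles = set(re.findall(r"^\s*role (\S+)\s*$", body, re.M))
        shell = re.search(r"^\s*shell (\S+)\s*$", body, re.M)
        users[name] = {"roles": roles, "shell": shell.group(1) if shell else "none"}
    return users

def risky_accounts(text):
    """Accounts matching the CVE precondition: resource-admin role plus bash."""
    return sorted(n for n, u in parse_users(text).items()
                  if "resource-admin" in u["roles"] and u["shell"] == "bash")

if __name__ == "__main__":
    for account in risky_accounts(SAMPLE_TMSH_OUTPUT):
        print(f"review: {account} has resource-admin role with bash shell")
```

Accounts it reports are candidates for having Advanced Shell access removed until the F5 patch is applied.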
Mitigation and Prevention
Protecting systems from this vulnerability is crucial.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Apply patches provided by F5 to address the privilege escalation vulnerability.