Description
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.
Affected products
- F5 / BIG-IP, BIG-IQ, iWorkflow, Enterprise ManagerBIG-IP 15.0.0-15.1.0 – BIG-IP 15.0.0-15.1.0
- F5 / BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager14.0.0-14.1.2.3 – 14.0.0-14.1.2.3
- F5 / BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager13.1.0-13.1.3.2 – 13.1.0-13.1.3.2
- F5 / BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager12.1.0-12.1.5 – 12.1.0-12.1.5
- F5 / BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager11.5.2-11.6.5.1 – 11.5.2-11.6.5.1
- F5 / BIG-IP, BIG-IQ, iWorkflow, Enterprise ManagerBIG-IQ 7.0.0 – BIG-IQ 7.0.0
- F5 / BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager6.0.0-6.1.0 – 6.0.0-6.1.0
- F5 / BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager5.0.0-5.4.0 – 5.0.0-5.4.0
- F5 / BIG-IP, BIG-IQ, iWorkflow, Enterprise ManageriWorkflow 2.3.0 – iWorkflow 2.3.0
- F5 / BIG-IP, BIG-IQ, iWorkflow, Enterprise ManagerEnterprise Manager 3.1.1 – Enterprise Manager 3.1.1