2019-05-03 22:29:01 2019-05-24 20:29:01

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL
F5 Big-ip policy enforcement manager 11.6.3.4 (not an official CPE) F5 Big-ip policy enforcement manager 11.6.3 (not an official CPE) F5 Big-ip policy enforcement manager 11.6.2 (not an official CPE) F5 Big-ip policy enforcement manager 11.6.1 (not an official CPE) F5 Big-ip policy enforcement manager 11.5.7 (not an official CPE) F5 Big-ip policy enforcement manager 11.5.6 (not an official CPE) F5 Big-ip policy enforcement manager 11.5.5 (not an official CPE) F5 Big-ip policy enforcement manager 11.5.4 (not an official CPE) F5 Networks BIG-IP Policy Enforcement Manager 11.5.3 F5 Big-ip policy enforcement manager 11.5.2 (not an official CPE) F5 Big-ip local traffic manager 14.1.0.1 (not an official CPE) F5 Big-ip local traffic manager 14.1.0 (not an official CPE) F5 Big-ip local traffic manager 14.0.0.4 (not an official CPE) F5 Big-ip local traffic manager 14.0.0 (not an official CPE) F5 Big-ip local traffic manager 13.1.1.4 (not an official CPE) F5 Big-ip local traffic manager 13.1.1.3 (not an official CPE) F5 Big-ip local traffic manager 13.1.0 (not an official CPE) F5 Big-ip local traffic manager 13.1.1 (not an official CPE) F5 Big-ip local traffic manager 13.0.1 (not an official CPE) F5 Big-ip local traffic manager 13.0.0 (not an official CPE) F5 Big-ip local traffic manager 12.1.4 (not an official CPE) F5 Big-ip local traffic manager 12.1.3 (not an official CPE) F5 Big-ip local traffic manager 12.1.2 (not an official CPE) F5 Big-ip local traffic manager 12.1.1 (not an official CPE) F5 Big-ip local traffic manager 12.1.0 (not an official CPE) F5 Big-ip local traffic manager 11.6.3.4 (not an official CPE) F5 Big-ip local traffic manager 11.6.3 (not an official CPE) F5 Big-ip local traffic manager 11.6.2 (not an official CPE) F5 Big-ip local traffic manager 11.6.1 (not an official CPE) F5 Big-ip local traffic manager 11.5.6 (not an official CPE) F5 Big-ip local traffic manager 11.5.7 (not an official CPE) F5 Big-ip local traffic manager 11.5.5 (not an official CPE) F5 Big-ip local traffic manager 11.5.4 (not an official CPE) F5 Big-ip local traffic manager 11.5.3 (not an official CPE) F5 Big-ip local traffic manager 11.5.2 (not an official CPE) F5 Big-ip link controller 14.1.0.1 (not an official CPE) F5 Big-ip link controller 14.1.0 (not an official CPE) F5 Big-ip link controller 14.0.0.4 (not an official CPE) F5 Big-ip link controller 14.0.0 (not an official CPE) F5 Big-ip link controller 13.1.1.4 (not an official CPE) F5 Big-ip link controller 13.1.1.3 (not an official CPE) F5 Big-ip link controller 13.1.1 (not an official CPE) F5 Big-ip link controller 13.1.0 (not an official CPE) F5 Big-ip link controller 13.0.1 (not an official CPE) F5 Big-ip link controller 13.0.0 (not an official CPE) F5 Big-ip link controller 12.1.4 (not an official CPE) F5 Big-ip link controller 12.1.3 (not an official CPE) F5 Big-ip link controller 12.1.2 (not an official CPE) F5 Big-ip link controller 12.1.1 (not an official CPE) F5 Big-ip link controller 12.1.0 (not an official CPE) F5 Big-ip link controller 11.6.3 (not an official CPE) F5 Big-ip link controller 11.6.2 (not an official CPE) F5 Big-ip link controller 11.6.1 (not an official CPE) F5 Big-ip link controller 11.5.7 (not an official CPE) F5 Big-ip link controller 11.5.6 (not an official CPE) F5 Big-ip link controller 11.5.5 (not an official CPE) F5 Big-ip link controller 11.5.4 (not an official CPE) F5 Big-ip link controller 11.5.3 (not an official CPE) F5 Big-ip global traffic manager 14.1.0 (not an official CPE) F5 Big-ip link controller 11.5.2 (not an official CPE) F5 Big-ip global traffic manager 14.0.0 (not an official CPE) F5 Big-ip global traffic manager 13.1.1 (not an official CPE) F5 Big-ip global traffic manager 13.1.0 (not an official CPE) F5 Big-ip global traffic manager 13.0.1 (not an official CPE) F5 Big-ip global traffic manager 13.0.0 (not an official CPE) F5 Big-ip global traffic manager 12.1.4 (not an official CPE) F5 Big-ip global traffic manager 12.1.3 (not an official CPE) F5 Big-ip global traffic manager 12.1.2 (not an official CPE) F5 Big-ip global traffic manager 12.1.1 (not an official CPE) F5 Big-ip global traffic manager 12.1.0 (not an official CPE) F5 Big-ip global traffic manager 11.6.3.4 (not an official CPE) F5 Big-ip global traffic manager 11.6.3 (not an official CPE) F5 Big-ip global traffic manager 11.6.2 (not an official CPE) F5 Big-ip global traffic manager 11.6.1 (not an official CPE) F5 Big-ip global traffic manager 11.5.7 (not an official CPE) F5 Big-ip global traffic manager 11.5.6 (not an official CPE) F5 Big-ip global traffic manager 11.5.5 (not an official CPE) F5 Big-ip global traffic manager 11.5.4 (not an official CPE) F5 Big-ip global traffic manager 11.5.3 (not an official CPE) F5 Big-ip global traffic manager 11.5.2 (not an official CPE) F5 Big-ip fraud protection service 14.1.0.1 (not an official CPE) F5 Big-ip fraud protection service 14.1.0 (not an official CPE) F5 Big-ip fraud protection service 14.0.0.4 (not an official CPE) F5 Big-ip fraud protection service 14.0.0 (not an official CPE) F5 Big-ip fraud protection service 13.1.1.4 (not an official CPE) F5 Big-ip fraud protection service 13.1.1.3 (not an official CPE) F5 Big-ip fraud protection service 13.1.1 (not an official CPE) F5 Big-ip fraud protection service 13.1.0 (not an official CPE) F5 Big-ip fraud protection service 13.0.1 (not an official CPE) F5 Big-ip fraud protection service 13.0.0 (not an official CPE) F5 Big-ip fraud protection service 12.1.3 (not an official CPE) F5 Big-ip fraud protection service 12.1.2 (not an official CPE) F5 Big-ip fraud protection service 12.1.1 (not an official CPE) F5 Big-ip fraud protection service 12.1.0 (not an official CPE) F5 Big-ip fraud protection service 11.6.3 (not an official CPE) F5 Big-ip fraud protection service 11.6.2 (not an official CPE) F5 Big-ip fraud protection service 11.6.1 (not an official CPE) F5 Big-ip fraud protection service 11.5.7 (not an official CPE) F5 Big-ip fraud protection service 11.5.6 (not an official CPE) F5 Big-ip fraud protection service 11.5.5 (not an official CPE) F5 Big-ip fraud protection service 11.5.4 (not an official CPE) F5 Big-ip fraud protection service 11.5.3 (not an official CPE) F5 Big-ip fraud protection service 11.5.2 (not an official CPE) F5 Big-ip edge gateway 14.1.0.1 (not an official CPE) F5 Big-ip edge gateway 14.1.0 (not an official CPE) F5 Big-ip edge gateway 14.0.0.4 (not an official CPE) F5 Big-ip edge gateway 14.0.0 (not an official CPE) F5 Big-ip edge gateway 13.1.1.4 (not an official CPE) F5 Big-ip edge gateway 13.1.1.3 (not an official CPE) F5 Big-ip edge gateway 13.1.1 (not an official CPE) F5 Big-ip edge gateway 13.1.0 (not an official CPE) F5 Big-ip edge gateway 13.0.1 (not an official CPE) F5 Big-ip edge gateway 13.0.0 (not an official CPE) F5 Big-ip edge gateway 12.1.4 (not an official CPE) F5 Big-ip edge gateway 12.1.3 (not an official CPE) F5 Big-ip edge gateway 12.1.2 (not an official CPE) F5 Big-ip edge gateway 12.1.1 (not an official CPE) F5 Big-ip edge gateway 12.1.0 (not an official CPE) F5 Big-ip edge gateway 11.6.3 (not an official CPE) F5 Big-ip edge gateway 11.6.2 (not an official CPE) F5 Big-ip edge gateway 11.6.1 (not an official CPE) F5 Big-ip edge gateway 11.5.7 (not an official CPE) F5 Big-ip edge gateway 11.5.5 (not an official CPE) F5 Big-ip edge gateway 11.5.6 (not an official CPE) F5 Big-ip edge gateway 11.5.4 (not an official CPE) F5 Big-ip edge gateway 11.5.2 (not an official CPE) F5 Big-ip edge gateway 11.5.3 (not an official CPE) F5 Big-ip domain name system 14.1.0.1 (not an official CPE) F5 Big-ip domain name system 14.0.0.4 (not an official CPE) F5 Big-ip domain name system 14.1.0 (not an official CPE) F5 Big-ip domain name system 14.0.0 (not an official CPE) F5 Big-ip domain name system 13.1.1.3 (not an official CPE) F5 Big-ip domain name system 13.1.1.4 (not an official CPE) F5 Big-ip domain name system 13.1.1 (not an official CPE) F5 Big-ip domain name system 13.0.1 (not an official CPE) F5 Big-ip domain name system 13.1.0 (not an official CPE) F5 Big-ip domain name system 13.0.0 (not an official CPE) F5 Big-ip domain name system 12.1.3 (not an official CPE) F5 Big-ip domain name system 12.1.4 (not an official CPE) F5 Big-ip domain name system 12.1.2 (not an official CPE) F5 Big-ip domain name system 12.1.0 (not an official CPE) F5 Big-ip domain name system 12.1.1 (not an official CPE) F5 Big-ip domain name system 11.6.3.4 (not an official CPE) F5 Big-ip domain name system 11.6.3 (not an official CPE) F5 Big-ip domain name system 11.6.2 (not an official CPE) F5 Big-ip domain name system 11.6.1 (not an official CPE) F5 Big-ip domain name system 11.5.7 (not an official CPE) F5 Big-ip domain name system 11.5.6 (not an official CPE) F5 Big-ip domain name system 11.5.5 (not an official CPE) F5 Big-ip domain name system 11.5.4 (not an official CPE) F5 Big-ip domain name system 11.5.3 (not an official CPE) F5 Big-ip domain name system 11.5.2 (not an official CPE) F5 Big-ip application security manager 14.1.0.1 (not an official CPE) F5 Big-ip application security manager 14.1.0 (not an official CPE) F5 Big-ip application security manager 14.0.0.4 (not an official CPE) F5 Big-ip application security manager 13.1.1.4 (not an official CPE) F5 Big-ip application security manager 14.0.0 (not an official CPE) F5 Big-ip application security manager 13.1.1.3 (not an official CPE) F5 Big-ip application security manager 13.1.1 (not an official CPE) F5 Big-ip application security manager 13.1.0 (not an official CPE) F5 Big-ip application security manager 13.0.1 (not an official CPE) F5 Big-ip application security manager 13.0.0 (not an official CPE) F5 Big-ip application security manager 12.1.4 (not an official CPE) F5 Big-ip application security manager 12.1.3 (not an official CPE) F5 Big-ip application security manager 12.1.2 (not an official CPE) F5 Big-ip application security manager 12.1.1 (not an official CPE) F5 Big-ip application security manager 12.1.0 (not an official CPE) F5 Big-ip application security manager 11.6.3.4 (not an official CPE) F5 Big-ip application security manager 11.6.3 (not an official CPE) F5 Big-ip application security manager 11.6.1 (not an official CPE) F5 Big-ip application security manager 11.6.2 (not an official CPE) F5 Big-ip application security manager 11.5.6 (not an official CPE) F5 Big-ip application security manager 11.5.7 (not an official CPE) F5 Big-ip application security manager 11.5.5 (not an official CPE) F5 Big-ip application security manager 11.5.4 (not an official CPE) F5 Big-ip application security manager 11.5.2 (not an official CPE) F5 Big-ip application security manager 11.5.3 (not an official CPE) F5 Big-ip application acceleration manager 14.1.0.1 (not an official CPE) F5 Big-ip application acceleration manager 14.1.0 (not an official CPE) F5 Big-ip application acceleration manager 14.0.0.4 (not an official CPE) F5 Big-ip application acceleration manager 14.0.0 (not an official CPE) F5 Big-ip application acceleration manager 13.1.1.4 (not an official CPE) F5 Big-ip application acceleration manager 13.1.1.3 (not an official CPE) F5 Big-ip application acceleration manager 13.1.1 (not an official CPE) F5 Big-ip application acceleration manager 13.1.0 (not an official CPE) F5 Big-ip application acceleration manager 13.0.1 (not an official CPE) F5 Big-ip application acceleration manager 13.0.0 (not an official CPE) F5 Big-ip application acceleration manager 12.1.4 (not an official CPE) F5 Big-ip application acceleration manager 12.1.3 (not an official CPE) F5 Big-ip application acceleration manager 12.1.2 (not an official CPE) F5 Big-ip application acceleration manager 12.1.1 (not an official CPE) F5 Big-ip application acceleration manager 12.1.0 (not an official CPE) F5 Big-ip application acceleration manager 11.6.3.4 (not an official CPE) F5 Big-ip application acceleration manager 11.6.3 (not an official CPE) F5 Big-ip application acceleration manager 11.6.2 (not an official CPE) F5 Big-ip application acceleration manager 11.5.8 (not an official CPE) F5 Big-ip application acceleration manager 11.6.1 (not an official CPE) F5 Big-ip application acceleration manager 11.5.7 (not an official CPE) F5 Big-ip application acceleration manager 11.5.6 (not an official CPE) F5 Big-ip application acceleration manager 11.5.5 (not an official CPE) F5 Big-ip application acceleration manager 11.5.4 (not an official CPE) F5 Big-ip application acceleration manager 11.5.3 (not an official CPE) F5 Big-ip application acceleration manager 11.5.2 (not an official CPE) F5 Big-ip analytics 14.1.0 (not an official CPE) F5 Big-ip analytics 14.1.0.1 (not an official CPE) F5 Big-ip analytics 14.0.0.4 (not an official CPE) F5 Big-ip analytics 14.0.0 (not an official CPE) F5 Big-ip analytics 13.1.1.4 (not an official CPE) F5 Big-ip analytics 13.1.1.3 (not an official CPE) F5 Big-ip analytics 13.1.1 (not an official CPE) F5 Big-ip analytics 13.1.0 (not an official CPE) F5 Big-ip analytics 13.0.1 (not an official CPE) F5 Big-ip analytics 13.0.0 (not an official CPE) F5 Big-ip analytics 12.1.4 (not an official CPE) F5 Big-ip analytics 12.1.3 (not an official CPE) F5 Big-ip analytics 12.1.2 (not an official CPE) F5 Big-ip analytics 12.1.1 (not an official CPE) F5 Big-ip analytics 12.1.0 (not an official CPE) F5 Big-ip analytics 11.6.3.4 (not an official CPE) F5 Big-ip analytics 11.6.3 (not an official CPE) F5 Big-ip analytics 11.6.2 (not an official CPE) F5 Big-ip analytics 11.6.1 (not an official CPE) F5 Big-ip analytics 11.5.7 (not an official CPE) F5 Big-ip analytics 11.5.6 (not an official CPE) F5 Big-ip analytics 11.5.5 (not an official CPE) F5 Big-ip analytics 11.5.4 (not an official CPE) F5 Big-ip analytics 11.5.3 (not an official CPE) F5 Big-ip analytics 11.5.2 (not an official CPE) F5 Big-ip advanced firewall manager 14.1.0.1 (not an official CPE) F5 Big-ip advanced firewall manager 14.1.0 (not an official CPE) F5 Big-ip advanced firewall manager 14.0.0.4 (not an official CPE) F5 Big-ip advanced firewall manager 14.0.0 (not an official CPE) F5 Big-ip advanced firewall manager 13.1.1.4 (not an official CPE) F5 Big-ip advanced firewall manager 13.1.1.3 (not an official CPE) F5 Big-ip advanced firewall manager 13.1.1.1 (not an official CPE) F5 Big-ip advanced firewall manager 13.1.1 (not an official CPE) F5 Big-ip advanced firewall manager 13.1.0 (not an official CPE) F5 Big-ip advanced firewall manager 13.0.1 (not an official CPE) F5 Big-ip advanced firewall manager 13.0.0 (not an official CPE) F5 Big-ip advanced firewall manager 12.1.4 (not an official CPE) F5 Big-ip advanced firewall manager 12.1.3.6 (not an official CPE) F5 Big-ip advanced firewall manager 12.1.3 (not an official CPE) F5 Big-ip advanced firewall manager 12.1.2 (not an official CPE) F5 Big-ip advanced firewall manager 12.1.1 (not an official CPE) F5 Big-ip advanced firewall manager 12.1.0 (not an official CPE) F5 Big-ip advanced firewall manager 11.6.3.4 (not an official CPE) F5 Big-ip advanced firewall manager 11.6.3 (not an official CPE) F5 Big-ip advanced firewall manager 11.6.2 (not an official CPE) F5 Big-ip advanced firewall manager 11.6.1 (not an official CPE) F5 Big-ip advanced firewall manager 11.5.8 (not an official CPE) F5 Big-ip advanced firewall manager 11.5.7 (not an official CPE) F5 Big-ip advanced firewall manager 11.5.6 (not an official CPE) F5 Big-ip advanced firewall manager 11.5.5 (not an official CPE) F5 Big-ip advanced firewall manager 11.5.4 (not an official CPE) F5 Big-ip advanced firewall manager 11.5.3 (not an official CPE) F5 Big-ip advanced firewall manager 11.5.2 (not an official CPE) F5 Big-ip access policy manager 14.1.0.1 (not an official CPE) F5 Big-ip access policy manager 14.1.0 (not an official CPE) F5 Big-ip access policy manager 14.0.0.4 (not an official CPE) F5 Big-ip access policy manager 14.0.0 (not an official CPE) F5 Big-ip access policy manager 13.1.1.4 (not an official CPE) F5 Big-ip access policy manager 13.1.1.3 (not an official CPE) F5 Big-ip access policy manager 13.1.1 (not an official CPE) F5 Big-ip access policy manager 13.1.0.8 (not an official CPE) F5 Big-ip access policy manager 13.1.0.7 (not an official CPE) F5 Big-ip access policy manager 13.1.0.6 (not an official CPE) F5 Big-ip access policy manager 13.1.0.5 (not an official CPE) F5 Big-ip access policy manager 13.1.0.4 (not an official CPE) F5 Big-ip access policy manager 13.1.0.3 (not an official CPE) F5 Big-ip access policy manager 13.1.0.2 (not an official CPE) F5 Big-ip access policy manager 13.1.0.1 (not an official CPE) F5 Big-ip access policy manager 13.1.0 (not an official CPE) F5 Big-ip access policy manager 13.0.1 (not an official CPE) F5 Big-ip access policy manager 13.0.0 (not an official CPE) F5 Big-ip access policy manager 12.1.4 (not an official CPE) F5 Big-ip access policy manager 12.1.3.7 (not an official CPE) F5 Big-ip access policy manager 12.1.3.6 (not an official CPE) F5 Big-ip access policy manager 12.1.3.5 (not an official CPE) F5 Big-ip access policy manager 12.1.3.4 (not an official CPE) F5 Big-ip access policy manager 12.1.3.3 (not an official CPE) F5 Big-ip access policy manager 12.1.3.2 (not an official CPE) F5 Big-ip access policy manager 12.1.3.1 (not an official CPE) F5 Big-ip access policy manager 12.1.3 (not an official CPE) F5 Big-ip access policy manager 12.1.2 (not an official CPE) F5 Big-ip access policy manager 12.1.1 (not an official CPE) F5 Big-ip access policy manager 12.1.0 (not an official CPE) F5 Big-ip access policy manager 11.6.3.4 (not an official CPE) F5 Big-ip access policy manager 11.6.3.1 (not an official CPE) F5 Big-ip access policy manager 11.6.3 (not an official CPE) F5 Big-ip access policy manager 11.6.2 (not an official CPE) F5 Big-ip access policy manager 11.6.1 (not an official CPE) F5 Big-ip access policy manager 11.5.8 (not an official CPE) F5 Big-ip access policy manager 11.5.7 (not an official CPE) F5 Big-ip access policy manager 11.5.6 (not an official CPE) F5 Big-ip access policy manager 11.5.5 (not an official CPE) F5 Big-ip access policy manager 11.5.4 (not an official CPE) F5 Big-ip access policy manager 11.5.3 (not an official CPE) F5 Big-ip access policy manager 11.5.2 (not an official CPE) F5 Big-ip policy enforcement manager 12.1.0 (not an official CPE) F5 Big-ip policy enforcement manager 12.1.1 (not an official CPE) F5 Big-ip policy enforcement manager 12.1.2 (not an official CPE) F5 Big-ip policy enforcement manager 12.1.3 (not an official CPE) F5 Big-ip policy enforcement manager 12.1.4 (not an official CPE) F5 Big-ip policy enforcement manager 13.0.0 (not an official CPE) F5 Big-ip policy enforcement manager 13.0.1 (not an official CPE) F5 Big-ip policy enforcement manager 13.1.0 (not an official CPE) F5 Big-ip policy enforcement manager 13.1.1 (not an official CPE) F5 Big-ip policy enforcement manager 13.1.1.3 (not an official CPE) F5 Big-ip policy enforcement manager 13.1.1.4 (not an official CPE) F5 Big-ip policy enforcement manager 14.0.0 (not an official CPE) F5 Big-ip policy enforcement manager 14.0.0.4 (not an official CPE) F5 Big-ip policy enforcement manager 14.1.0 (not an official CPE) F5 Big-ip policy enforcement manager 14.1.0.1 (not an official CPE) F5 Big-ip webaccelerator 11.5.2 (not an official CPE) F5 Big-ip webaccelerator 11.5.3 (not an official CPE) F5 Big-ip webaccelerator 11.5.4 (not an official CPE) F5 Big-ip webaccelerator 11.5.5 (not an official CPE) F5 Big-ip webaccelerator 11.5.6 (not an official CPE) F5 Big-ip webaccelerator 11.5.7 (not an official CPE) F5 Big-ip webaccelerator 11.6.1 (not an official CPE) F5 Big-ip webaccelerator 11.6.2 (not an official CPE) F5 Big-ip webaccelerator 11.6.3 (not an official CPE) F5 Big-ip webaccelerator 12.1.0 (not an official CPE) F5 Big-ip webaccelerator 12.1.1 (not an official CPE) F5 Big-ip webaccelerator 12.1.2 (not an official CPE) F5 Big-ip webaccelerator 12.1.3 (not an official CPE) F5 Big-ip webaccelerator 12.1.4 (not an official CPE) F5 Big-ip webaccelerator 13.0.0 (not an official CPE) F5 Big-ip webaccelerator 13.0.1 (not an official CPE) F5 Big-ip webaccelerator 13.1.0 (not an official CPE) F5 Big-ip webaccelerator 13.1.1 (not an official CPE) F5 Big-ip webaccelerator 13.1.1.3 (not an official CPE) F5 Big-ip webaccelerator 13.1.1.4 (not an official CPE) F5 Big-ip webaccelerator 14.0.0 (not an official CPE) F5 Big-ip webaccelerator 14.1.0 (not an official CPE)