Detections
Analytics

F5 Networks BIG-IP : SCP vulnerability (K54336216)

low Nessus Plugin ID 132570

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The system does not properly enforce the access controls for the scp.whitelist and scp.blacklist files whenpaths are symbolic links (symlinks). This allows authenticated users with Secure Copy (SCP) protocol access to overwrite certain configuration files that would otherwise be restricted. (CVE-2019-6679)

Note : F5 is working to eliminate exclusionary language in our products and documentation. For more information, refer toK34150231:
Exclusionary language in F5 products and documentation.

Impact

BIG-IP

Authenticated users with access to the Secure Copy utility ( scp ), which is an OpenSSH tool, but without full file systemor Advanced Shell ( bash )access, can overwrite certain configuration files.

BIG-IQ / Enterprise Manager / Traffix SDC

There is no impact; these F5 products are not affected by this vulnerability.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K54336216.

See Also

https://my.f5.com/manage/s/article/K54336216

Plugin Details

Severity: Low

ID: 132570

File Name: f5_bigip_SOL54336216.nasl

Version: 1.6

Type: local

Published: 12/31/2019

Updated: 11/2/2023

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 3.6

Temporal Score: 2.7

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2019-6679

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_domain_name_system, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_webaccelerator, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 12/19/2019

Vulnerability Publication Date: 12/23/2019

Reference Information

CVE: CVE-2019-6679