Key Vulnerability Information

Title
K07702240: BIG-IP Resource Administrator vulnerability CVE-2019-6618

Published Date
April 30, 2019

Updated Date
February 22, 2023

Description
Users with the Resource Administrator role who are provided Advanced Shell access can modify sensitive portions of the file system, such as editing /etc/passwd. This allows modifications to user objects and is contrary to the restrictions defined for the Resource Administrator role.

Impact
BIG-IP - An authenticated Resource Administrator user may be able to exploit this vulnerability when granted Advanced Shell access and compromise the integrity of the affected systems.
BIG-IQ, Enterprise Manager, F5 iWorkflow, Traffix SDC - There is no impact; these F5 products are not affected by this vulnerability.

Vulnerable Products and Versions

Severity and CVSSv3 Score
CVSSv3 score: 5.5 (Medium)

Vulnerable Component or Feature
TMOS (Resource Administrator role)

Recommended Actions
Upgrade to a version listed in the "Fixes introduced in" column to eliminate the vulnerability.

Mitigation
None provided in the advisory.
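
An added example, not part of the F5 advisory: a Python check that parses saved `tmsh list auth user` output and reports accounts that combine the Resource Administrator role with Advanced Shell access, the condition this advisory describes. The sample stanzas are constructed, the function names are hypothetical, and it assumes the listing shows the role as `resource-admin` and Advanced Shell as `shell bash`.

```python
import re

# Constructed sample in the shape of `tmsh list auth user` output (not from the advisory).
SAMPLE = """\
auth user alice {
    partition-access {
        all-partitions {
            role resource-admin
        }
    }
    shell bash
}
auth user bob {
    partition-access {
        all-partitions {
            role resource-admin
        }
    }
    shell tmsh
}
auth user carol {
    partition-access {
        Common {
            role operator
        }
    }
    shell bash
}
"""

def parse_users(text):
    """Return {username: {"roles": set, "shell": str or None}} from user stanzas."""
    users, current, depth = {}, None, 0
    for line in text.splitlines():
        s = line.strip()
        m = re.fullmatch(r"auth user (\S+) \{", s)
        if depth == 0 and m:
            current = users.setdefault(m.group(1), {"roles": set(), "shell": None})
        elif current is not None and s.startswith("role "):
            current["roles"].add(s.split()[1])
        elif current is not None and depth == 1 and s.startswith("shell "):
            current["shell"] = s.split()[1]
        if not s.startswith("description "):  # quoted text may contain braces
            depth += s.count("{") - s.count("}")
        if depth == 0:
            current = None  # stanza closed; ignore lines from other objects
    return users

def resource_admins_with_advanced_shell(text):
    return sorted(u for u, p in parse_users(text).items()
                  if "resource-admin" in p["roles"] and p["shell"] == "bash")
```

An account with no `shell` line in the listing is recorded with shell `None` and is not reported.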