Vulnerability ID: CVE-2019-6685

Vulnerability Description: Users with access to edit iRules can create iRules leading to privilege escalation, configuration changes, and arbitrary command execution.

Evaluated Products: BIG-IP, BIG-IQ, Enterprise Manager, and Traffix SDC.

Affected Product: BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)

Not Affected Products: BIG-IQ Centralized Management, Enterprise Manager, Traffix SDC.

Vulnerable Versions:
- 15.x: 15.0.0 - 15.0.1
- 14.x: 14.1.0 - 14.1.2, 14.0.0 - 14.0.1
- 13.x: 13.1.0 - 13.1.3
- 12.x: 12.1.0 - 12.1.5
- 11.x: 11.5.2 - 11.6.5

Fixed Versions:
- 15.x: 15.1.0, 15.0.1.3
- 14.x: 14.1.2.3, 14.0.1.1
- 13.x: 13.1.3.2
- 12.x: 12.1.5.1
- 11.x: 11.6.5.2

Severity: Medium

CVSSv3 Score: 6.7

Vulnerable Component: iRules

Mitigation: Remove iRules Manager role if possible.