Group Permission Escalation in BIG-IP Application Acceleration Manager (AAM)

Group Permission Escalation in BIG-IP Application Acceleration Manager (AAM)

CVE-2019-6601 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts.

Learn more about our Web Application Penetration Testing UK.