Multiple vulnerabilities in F5 Networks BIG-IP products
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-6664 CVE-2019-6687 |
| CWE-ID | CWE-264 CWE-295 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
BIG-IP Hardware solutions / Firmware BIG-IP LTM Hardware solutions / Security hardware applicances BIG-IP AFM Hardware solutions / Security hardware applicances BIG-IP Analytics Hardware solutions / Security hardware applicances BIG-IP APM Hardware solutions / Security hardware applicances BIG-IP ASM Hardware solutions / Security hardware applicances BIG-IP FPS Hardware solutions / Security hardware applicances BIG-IP GTM Hardware solutions / Security hardware applicances BIG-IP PEM Hardware solutions / Security hardware applicances BIG-IP AAM Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP DNS Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP Edge Gateway Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP Link Controller Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP WebAccelerator Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | F5 Networks |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU22977
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-6664
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to otherwise restricted functionality.
The vulnerability exists due to network protections on the management port do not follow current best practices, under certain conditions. The default firewall rules for the management interface are not reliably reinstalled after first boot. As a result, a remote attacker can expose the management interface.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBIG-IP: 14.1.0 - 15.0.0
BIG-IP LTM: 14.1.0 - 15.0.0
BIG-IP AAM: 14.1.0 - 15.0.0
BIG-IP AFM: 14.1.0 - 15.0.0
BIG-IP Analytics: 14.1.0 - 15.0.0
BIG-IP APM: 14.1.0 - 15.0.0
BIG-IP ASM: 14.1.0 - 15.0.0
BIG-IP DNS: 14.1.0 - 15.0.0
BIG-IP Edge Gateway: 14.1.0 - 15.0.0
BIG-IP FPS: 14.1.0 - 15.0.0
BIG-IP GTM: 14.1.0 - 15.0.0
BIG-IP Link Controller: 14.1.0 - 15.0.0
BIG-IP PEM: 14.1.0 - 15.0.0
BIG-IP WebAccelerator: 14.1.0 - 15.0.0
CPE2.3- cpe:2.3:h:f5_networks:big-ip:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ltm:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ltm:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_analytics:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_analytics:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_apm:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_asm:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_dns:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_edge_gateway:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_fps:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_gtm:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_webaccelerator:14.1.0:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K03126093
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Certificate Validation
EUVDB-ID: #VU23773
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-6687
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a man-in-the-middle attack.
The vulnerability exists due to the Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. A remote attacker can perform a man-in-the-middle attack, intercept traffic destined for cloud services and read and modify data that is in transit.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBIG-IP ASM: 15.0.1
CPE2.3 External linkshttps://support.f5.com/csp/article/K59957337
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
