Main Vulnerability Database SB2019112603

SB2019112603 - DNS Rebinding in several F5 Networks products

Published: November 26, 2019

Security Bulletin ID SB2019112603

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Reliance on Reverse DNS Resolution for a Security-Critical Action (CVE-ID: CVE-2019-6663)

The vulnerability allows a local user to perform an Anti DNS Pinning (DNS Rebinding) attack.

The vulnerability exists due to the Configuration utility does not sufficiently verify the Host field in the HTTP request. A local user initiating a DNS rebinding attack requires control of the DNS that is configured in a client that accesses the Configuration utility of the vulnerable system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://support.f5.com/csp/article/K76052144

Vulnerable Software

Enterprise Manager: 3.1.1
BIG-IQ Centralized Management: 5.2.0 - 7.0.0
F5 iWorkflow: 2.3.0
BIG-IP AAM: 11.5.2 - 15.0.1
BIG-IP AFM: 11.5.2 - 15.0.1
BIG-IP Analytics: 11.5.2 - 15.0.1
BIG-IP APM: 11.5.2 - 15.0.1
BIG-IP ASM: 11.5.2 - 15.0.1
BIG-IP DNS: 11.5.2 - 15.0.1
BIG-IP Edge Gateway: 11.5.2 - 15.0.1
BIG-IP FPS: 11.5.2 - 15.0.1
BIG-IP GTM: 11.5.2 - 15.0.1
BIG-IP Link Controller: 11.5.2 - 15.0.1
BIG-IP PEM: 11.5.2 - 15.0.1
BIG-IP WebAccelerator: 11.5.2 - 15.0.1
BIG-IP: 11.5.2 - 15.0.1