Denial of service in F5 Networks BIG-IP



Published: 2019-12-22 | Updated: 2019-12-24
Risk: Medium
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2019-6684, CVE-2019-6678, CVE-2019-6685, CVE-2019-6677, CVE-2019-6688
CWE-ID: CWE-20, CWE-264, CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
BIG-IP
Hardware solutions / Firmware

BIG-IQ Centralized Management
Server applications / Remote management servers, RDP, SSH

Vendor: F5 Networks

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

UPDATED: 23.12.2019

Added vulnerabilities #2-5, raised severity level from Low to Medium.

1) Input validation error

EUVDB-ID: #VU23786

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6684

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of vCMP packets in the Traffic Management Microkernel (TMM). A remote attacker on the local network can send specially crafted broadcast IP fragments that cause the TMM to reload, resulting in a denial of service (DoS).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

BIG-IP: 13.0.0 - 15.0.1.0.48.11-ENG Hotfix

External links

http://api-u.f5.com/support/kb-articles/K95117754?cacheFlag=false
http://support.f5.com/csp/article/K95117754


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU23800

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6678

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Traffic Management Microkernel (TMM) process. A remote attacker can send specially crafted traffic to the affected device and cause it to reload.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

BIG-IP: 13.0.0 - 15.0.1.0.48.11-ENG Hotfix

External links

http://support.f5.com/csp/article/K04897373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23802

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6685

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper privilege management. A remote user with access to edit iRules is able to create iRules that may allow them to change the system configuration and execute arbitrary commands.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

BIG-IP: 11.5.2 - 15.0.1.0.48.11-ENG Hotfix

External links

http://support.f5.com/csp/article/K30215839


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU23803

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6677

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Traffic Management Microkernel (TMM) process when custom TCP congestion control settings are used in a TCP profile. A remote attacker can send specially crafted traffic to the device and cause TMM to stop processing traffic when handled by an iRule.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

BIG-IP: 12.1.0 - 15.0.1.0.48.11-ENG Hotfix

External links

http://support.f5.com/csp/article/K06747393


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU23804

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6688

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an unspecified error that allows an SNMP user to obtain the secret used to encrypt the BIG-IP UCS backup file. A remote user can gain access to sensitive information and use it to perform further attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

BIG-IP: 11.5.2 - 15.0.1.0.48.11-ENG Hotfix

BIG-IQ Centralized Management: 5.2.0 - 6.1.0

External links

http://support.f5.com/csp/article/K25607522


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


