Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2019-6684 CVE-2019-6678 CVE-2019-6685 CVE-2019-6677 CVE-2019-6688 |
CWE-ID | CWE-20 CWE-264 CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
BIG-IP Hardware solutions / Firmware BIG-IQ Centralized Management Server applications / Remote management servers, RDP, SSH |
Vendor | F5 Networks |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
UPDATED: 23.12.2019
Added vulnerability #2-5, raised severity level from Low to Medium.
EUVDB-ID: #VU23786
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6684
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of vCMP packets in Traffic Management Microkernel (TMM). A remote attacker on the local network can send specially crafted broadcast IP fragments that will cause the TMM to reload, resulting in a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsBIG-IP: 13.0.0 - 15.0.1.0.48.11-ENG Hotfix
External linkshttp://api-u.f5.com/support/kb-articles/K95117754?cacheFlag=false
http://support.f5.com/csp/article/K95117754
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23800
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6678
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Traffic Management Microkernel (TMM) process. A remote attacker can send specially crafted traffic to the affected device and cause its reload.
Install updates from vendor's website.
Vulnerable software versionsBIG-IP: 13.0.0 - 15.0.1.0.48.11-ENG Hotfix
External linkshttp://support.f5.com/csp/article/K04897373
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23802
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6685
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper privilege management. A remote user access to edit iRules is able to create iRules that may allow to change system configuration and execute arbitrary commands.
Install updates from vendor's website.
Vulnerable software versionsBIG-IP: 11.5.2 - 15.0.1.0.48.11-ENG Hotfix
External linkshttp://support.f5.com/csp/article/K30215839
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23803
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6677
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Traffic Management Microkernel (TMM) process, when using custom TCP congestion control settings in a TCP profile. A remote attacker can send specially crafted traffic to the device and cause TMM to stop processing traffic when handled by an iRule.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBIG-IP: 12.1.0 - 15.0.1.0.48.11-ENG Hotfix
External linkshttp://support.f5.com/csp/article/K06747393
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23804
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6688
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error that allows an SNMP user to obtain the secret used to encrypt the BIG-IP UCS backup file. A remote user can gain access to sensitive information and use it to perform further attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBIG-IP: 11.5.2 - 15.0.1.0.48.11-ENG Hotfix
BIG-IQ Centralized Management: 5.2.0 - 6.1.0
External linkshttp://support.f5.com/csp/article/K25607522
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.