Denial of service in BIG-IP AFM libssh2 package
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-3859 CVE-2019-3860 |
| CWE-ID | CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
BIG-IP AFM Hardware solutions / Security hardware applicances |
| Vendor | F5 Networks |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU18027
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-3859
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing packets in _libssh2_packet_require() and _libssh2_packet_requirev() functions. A remote attacker can trick the victim to connect to a malicious SSH server, trigger out-of-bounds read error and read contents of memory or crash the affected application.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
The vulnerability affects devices with virtual servers configured with an SSH Proxy profile.
Vulnerable software versionsBIG-IP AFM: 15.0.0 - 17.1.2
CPE2.3- cpe:2.3:h:f5_networks:big-ip_afm:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:15.0.1.0.33.11:ENG Hotfix:*:*:*:*:*:*
https://my.f5.com/manage/s/article/K000149288
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU18026
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-3860
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing SFTP packets. A remote attacker can trick the victim to connect to a malicious SSH server, trigger out-of-bounds read error and read contents of memory or crash the affected application.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
The vulnerability affects devices with virtual servers configured with an SSH Proxy profile.
Vulnerable software versionsBIG-IP AFM: 15.0.0 - 17.1.2
CPE2.3- cpe:2.3:h:f5_networks:big-ip_afm:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:15.0.1.0.33.11:ENG Hotfix:*:*:*:*:*:*
https://my.f5.com/manage/s/article/K000149288
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
