Lucene search

[email protected]CVE-2019-6598

HistoryMar 13, 2019 - 10:29 p.m.

CVE-2019-6598

2019-03-1322:29:00

[email protected]

web.nvd.nist.gov

cve-2019-6598

big-ip

enterprise manager

tmui

disruption

malformed requests

nvd

security

vulnerability

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack.

Affected configurations

NVD

Node

f5big-ip_local_traffic_managerRange11.5.1–11.5.8

f5big-ip_local_traffic_managerRange11.6.1–11.6.3.2

f5big-ip_local_traffic_managerRange12.1.0–12.1.3.5

f5big-ip_local_traffic_managerRange13.0.0–13.1.0.7

f5big-ip_local_traffic_managerRange14.0.0–14.0.0.2

Node

f5big-ip_application_acceleration_managerRange11.5.1–11.5.8

f5big-ip_application_acceleration_managerRange11.6.1–11.6.3.2

f5big-ip_application_acceleration_managerRange12.1.0–12.1.3.5

f5big-ip_application_acceleration_managerRange13.0.0–13.1.0.7

f5big-ip_application_acceleration_managerRange14.0.0–14.0.0.2

Node

f5big-ip_advanced_firewall_managerRange11.5.1–11.5.8

f5big-ip_advanced_firewall_managerRange11.6.1–11.6.3.2

f5big-ip_advanced_firewall_managerRange12.1.0–12.1.3.5

f5big-ip_advanced_firewall_managerRange13.0.0–13.1.0.7

f5big-ip_advanced_firewall_managerRange14.0.0–14.0.0.2

Node

f5big-ip_analyticsRange11.5.1–11.5.8

f5big-ip_analyticsRange11.6.1–11.6.3.2

f5big-ip_analyticsRange12.1.0–12.1.3.5

f5big-ip_analyticsRange13.0.0–13.1.0.7

f5big-ip_analyticsRange14.0.0–14.0.0.2

Node

f5big-ip_access_policy_managerRange11.5.1–11.5.8

f5big-ip_access_policy_managerRange11.6.1–11.6.3.2

f5big-ip_access_policy_managerRange12.1.0–12.1.3.5

f5big-ip_access_policy_managerRange13.0.0–13.1.0.7

f5big-ip_access_policy_managerRange14.0.0–14.0.0.2

Node

f5big-ip_application_security_managerRange11.5.1–11.5.8

f5big-ip_application_security_managerRange11.6.1–11.6.3.2

f5big-ip_application_security_managerRange12.1.0–12.1.3.5

f5big-ip_application_security_managerRange13.0.0–13.1.0.7

f5big-ip_application_security_managerRange14.0.0–14.0.0.2

Node

f5big-ip_domain_name_systemRange11.5.1–11.5.8

f5big-ip_domain_name_systemRange11.6.1–11.6.3.2

f5big-ip_domain_name_systemRange12.1.0–12.1.3.5

f5big-ip_domain_name_systemRange13.0.0–13.1.0.7

f5big-ip_domain_name_systemRange14.0.0–14.0.0.2

Node

f5big-ip_edge_gatewayRange11.5.1–11.5.8

f5big-ip_edge_gatewayRange11.6.1–11.6.3.2

f5big-ip_edge_gatewayRange12.1.0–12.1.3.5

f5big-ip_edge_gatewayRange13.0.0–13.1.0.7

f5big-ip_edge_gatewayRange14.0.0–14.0.0.2

Node

f5big-ip_fraud_protection_serviceRange11.5.1–11.5.8

f5big-ip_fraud_protection_serviceRange11.6.1–11.6.3.2

f5big-ip_fraud_protection_serviceRange12.1.0–12.1.3.5

f5big-ip_fraud_protection_serviceRange13.0.0–13.1.0.7

f5big-ip_fraud_protection_serviceRange14.0.0–14.0.0.2

Node

f5big-ip_global_traffic_managerRange11.5.1–11.5.8

f5big-ip_global_traffic_managerRange11.6.1–11.6.3.2

f5big-ip_global_traffic_managerRange12.1.0–12.1.3.5

f5big-ip_global_traffic_managerRange13.0.0–13.1.0.7

f5big-ip_global_traffic_managerRange14.0.0–14.0.0.2

Node

f5big-ip_link_controllerRange11.5.1–11.5.8

f5big-ip_link_controllerRange11.6.1–11.6.3.2

f5big-ip_link_controllerRange12.1.0–12.1.3.5

f5big-ip_link_controllerRange13.0.0–13.1.0.7

f5big-ip_link_controllerRange14.0.0–14.0.0.2

Node

f5big-ip_policy_enforcement_managerRange11.5.1–11.5.8

f5big-ip_policy_enforcement_managerRange11.6.1–11.6.3.2

f5big-ip_policy_enforcement_managerRange12.1.0–12.1.3.5

f5big-ip_policy_enforcement_managerRange13.0.0–13.1.0.7

f5big-ip_policy_enforcement_managerRange14.0.0–14.0.0.2

Node

f5big-ip_webacceleratorRange11.5.1–11.5.8

f5big-ip_webacceleratorRange11.6.1–11.6.3.2

f5big-ip_webacceleratorRange12.1.0–12.1.3.5

f5big-ip_webacceleratorRange13.0.0–13.1.0.7

f5big-ip_webacceleratorRange14.0.0–14.0.0.2

Node

f5enterprise_managerMatch3.1.1

CPENameOperatorVersion
f5:big-ip_local_traffic_managerf5 big-ip local traffic managerle11.5.8
f5:big-ip_local_traffic_managerf5 big-ip local traffic managerle11.6.3.2
f5:big-ip_local_traffic_managerf5 big-ip local traffic managerle12.1.3.5
f5:big-ip_local_traffic_managerf5 big-ip local traffic managerle13.1.0.7
f5:big-ip_local_traffic_managerf5 big-ip local traffic managerle14.0.0.2

CPE	Name	Operator	Version
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	le	11.5.8
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	le	11.6.3.2
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	le	12.1.3.5
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	le	13.1.0.7
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	le	14.0.0.2

CNA Affected

[
  {
    "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe); Enterprise Manager",
    "vendor": "F5 Networks, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, 11.5.1-11.5.8"
      },
      {
        "status": "affected",
        "version": "EM 3.1.1"
      }
    ]
  }
]

References

support.f5.com/csp/article/K44603900

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

Related for CVE-2019-6598

prion1 osv1 cvelist1 nessus1 f51 nvd1