History: Sep 04, 2019 - 5:15 p.m.

CVE-2019-6644

2019-09-04 17:15:11
f5
web.nvd.nist.gov
Tags: cve-2019-6644, nvd, big-ip, security, debug, nodejs, unauthorized access, interfaces, vulnerability

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 9.4
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score: 7.7
Confidence: High

EPSS: 0.002
Percentile: 60.2%

Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.

Affected configurations

Nvd
Node: f5 | big-ip_local_traffic_manager | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_advanced_firewall_manager | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_application_acceleration_manager | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_analytics | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_access_policy_manager | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_application_security_manager | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_edge_gateway | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_fraud_protection_service | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_global_traffic_manager | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_link_controller | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_policy_enforcement_manager | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_webaccelerator | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Node: f5 | big-ip_domain_name_system | Range 12.1.3 - 12.1.4 OR Range 13.0.0 - 13.1.2 OR Match 14.0.0 OR Match 14.1.0
Vendor | Product | Version | CPE
f5 | big-ip_local_traffic_manager | * | cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
f5 | big-ip_local_traffic_manager | 14.0.0 | cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0:*:*:*:*:*:*:*
f5 | big-ip_local_traffic_manager | 14.1.0 | cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0:*:*:*:*:*:*:*
f5 | big-ip_advanced_firewall_manager | * | cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5 | big-ip_advanced_firewall_manager | 14.0.0 | cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0:*:*:*:*:*:*:*
f5 | big-ip_advanced_firewall_manager | 14.1.0 | cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*
f5 | big-ip_application_acceleration_manager | * | cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
f5 | big-ip_application_acceleration_manager | 14.0.0 | cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0:*:*:*:*:*:*:*
f5 | big-ip_application_acceleration_manager | 14.1.0 | cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0:*:*:*:*:*:*:*
f5 | big-ip_analytics | * | cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "BIG-IP",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4"
      }
    ]
  }
]
