Search...

CVE-2019-6684

2019-12-23T18:15:00

ID CVE-2019-6684
Type cve
Reporter cve@mitre.org
Modified 2020-08-24T17:37:00

Description

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of fragmentation-based attack.

JSON Vulners Source

Initial Source

{"id": "CVE-2019-6684", "bulletinFamily": "NVD", "title": "CVE-2019-6684", "description": "On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of fragmentation-based attack.", "published": "2019-12-23T18:15:00", "modified": "2020-08-24T17:37:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6684", "reporter": "cve@mitre.org", "references": ["https://support.f5.com/csp/article/K95117754"], "cvelist": ["CVE-2019-6684"], "type": "cve", "lastseen": "2020-12-09T21:41:56", "edition": 16, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K95117754"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL95117754.NASL"]}], "modified": "2020-12-09T21:41:56", "rev": 2}, "score": {"value": 3.8, "vector": "NONE", "modified": "2020-12-09T21:41:56", "rev": 2}, "vulnersScore": 3.8}, "cpe": ["cpe:/a:f5:big-ip_fraud_protection_service:12.1.5", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.5", "cpe:/a:f5:big-ip_access_policy_manager:12.1.5", "cpe:/a:f5:big-ip_access_policy_manager:11.6.5", "cpe:/a:f5:big-ip_domain_name_system:12.1.5", "cpe:/a:f5:big-ip_link_controller:12.1.5", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.5", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.5", "cpe:/a:f5:big-ip_domain_name_system:11.6.5", "cpe:/a:f5:big-ip_link_controller:11.6.5", "cpe:/a:f5:big-ip_fraud_protection_service:11.6.5", "cpe:/a:f5:big-ip_application_acceleration_manager:11.6.5", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.5", "cpe:/a:f5:big-ip_analytics:11.6.5", "cpe:/a:f5:big-ip_application_security_manager:12.1.5", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.5", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.5", "cpe:/a:f5:big-ip_local_traffic_manager:11.6.5", "cpe:/a:f5:big-ip_analytics:12.1.5", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.5", "cpe:/a:f5:big-ip_application_security_manager:11.6.5", "cpe:/a:f5:big-ip_global_traffic_manager:11.6.5"], "affectedSoftware": [{"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "lt", "version": "13.1.3.2"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "lt", "version": "14.1.2.3"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "le", "version": "12.1.5"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "le", "version": "12.1.5"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "lt", "version": "15.1.0"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "lt", "version": "13.1.3.2"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "lt", "version": "13.1.3.2"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "lt", "version": "13.1.3.2"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "le", "version": "11.6.5"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "lt", "version": "13.1.3.2"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "le", "version": "12.1.5"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "lt", "version": "14.1.2.3"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "le", "version": "11.6.5"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "lt", "version": "14.1.2.3"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "le", "version": "12.1.5"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "lt", "version": "13.1.3.2"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "le", "version": "12.1.5"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "le", "version": "12.1.5"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "lt", "version": "14.1.2.3"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "lt", "version": "13.1.3.2"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "lt", "version": "14.1.2.3"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "le", "version": "11.6.5"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "lt", "version": "15.1.0"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "le", "version": "11.6.5"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "le", "version": "11.6.5"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "lt", "version": "15.1.0"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "lt", "version": "15.1.0"}, {"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "lt", "version": "15.1.0"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "lt", "version": "15.1.0"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "le", "version": "11.6.5"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "lt", "version": "14.1.2.3"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "lt", "version": "15.1.0"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "le", "version": "12.1.5"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "le", "version": "11.6.5"}, {"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "lt", "version": "14.1.2.3"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "lt", "version": "15.1.0"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "le", "version": "11.6.5"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "lt", "version": "14.1.2.3"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "lt", "version": "15.1.0"}, {"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "le", "version": "12.1.5"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "lt", "version": "13.1.3.2"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "lt", "version": "14.1.2.3"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "le", "version": "12.1.5"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "lt", "version": "13.1.3.2"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "le", "version": "12.1.5"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "lt", "version": "14.1.2.3"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "lt", "version": "14.1.2.3"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "le", "version": "11.6.5"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "le", "version": "11.6.5"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "lt", "version": "15.1.0"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "lt", "version": "13.1.3.2"}, {"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "le", "version": "11.6.5"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "lt", "version": "15.1.0"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "lt", "version": "13.1.3.2"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "le", "version": "12.1.5"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.5:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:11.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.3.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.5:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.0:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.5:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:14.1.2.3:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:11.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.5:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.2.3:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.2.3:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.5:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.0:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.3.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:15.1.0:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.0:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.0:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.3.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.3.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.5:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:14.1.2.3:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.2.3:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.5:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.0:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.3.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:15.1.0:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.0:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.2.3:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.2.3:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.2.3:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.3.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.3.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.3.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.2.3:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.5:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.2.3:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:11.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.2.3:*:*:*:*:*:*:*", "versionEndExcluding": "14.1.2.3", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.0:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.3.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.1.5:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:12.1.5:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.5:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:13.1.3.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.5:*:*:*:*:*:*:*", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:13.1.3.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.1.3.2", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.5.2", "vulnerable": true}], "operator": "OR"}]}}

{"f5": [{"lastseen": "2020-04-06T22:40:36", "bulletinFamily": "software", "cvelist": ["CVE-2019-6684"], "description": "\nF5 Product Development has assigned ID 761144 (BIG-IP) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) | 15.x | 15.0.0 - 15.0.1 | 15.1.0 \n15.0.1.3 | Medium | [4.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | TMM \n14.x | 14.0.0 - 14.1.2 | 14.1.2.3 \n13.x | 13.0.0 - 13.1.3 | 13.1.3.2 \n12.x | 12.1.0 - 12.1.5 | 12.1.5.1 \n11.x | 11.5.2 - 11.6.5 | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable | None | None \n5.x | None | Not applicable \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 15.x)](<https://support.f5.com/csp/article/K13123>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2020-03-27T17:22:00", "published": "2019-12-20T23:08:00", "id": "F5:K95117754", "href": "https://support.f5.com/csp/article/K95117754", "title": "TMM vulnerability CVE-2019-6684", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-06-24T09:33:39", "description": "Under certain conditions, a multi-bladed BIG-IP Virtual Clustered\nMultiprocessing (vCMP) may drop broadcast packets when they are\nrebroadcast to the vCMP guest secondary blades. An attacker can\nleverage the fragmented broadcast IP packets to perform any type of\nfragmentation-based attack. (CVE-2019-6684)\n\nImpact\n\nA remote attacker may cause the Traffic Management Microkernel (TMM)\nto restart using maliciously constructed broadcast IP fragments.This\nissue occurs on multi-blade chassis, including multi-blade vCMP\nguests. This issue does not occur on single-bladed systems, on BIG-IP\nVirtual Edition (VE), or on single-bladed vCMP guests.", "edition": 7, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-12-31T00:00:00", "title": "F5 Networks BIG-IP : TMM vulnerability (K95117754)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6684"], "modified": "2019-12-31T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL95117754.NASL", "href": "https://www.tenable.com/plugins/nessus/132582", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K95117754.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132582);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2019-6684\");\n\n script_name(english:\"F5 Networks BIG-IP : TMM vulnerability (K95117754)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Under certain conditions, a multi-bladed BIG-IP Virtual Clustered\nMultiprocessing (vCMP) may drop broadcast packets when they are\nrebroadcast to the vCMP guest secondary blades. An attacker can\nleverage the fragmented broadcast IP packets to perform any type of\nfragmentation-based attack. (CVE-2019-6684)\n\nImpact\n\nA remote attacker may cause the Traffic Management Microkernel (TMM)\nto restart using maliciously constructed broadcast IP fragments.This\nissue occurs on multi-blade chassis, including multi-blade vCMP\nguests. This issue does not occur on single-bladed systems, on BIG-IP\nVirtual Edition (VE), or on single-bladed vCMP guests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K95117754\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K95117754.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K95117754\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"15.0.0-15.0.1\",\"14.0.0-14.1.2\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1.3\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.1\",\"11.6.5.2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"15.0.0-15.0.1\",\"14.0.0-14.1.2\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1.3\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.1\",\"11.6.5.2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"15.0.0-15.0.1\",\"14.0.0-14.1.2\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1.3\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.1\",\"11.6.5.2\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"15.0.0-15.0.1\",\"14.0.0-14.1.2\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1.3\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.1\",\"11.6.5.2\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"15.0.0-15.0.1\",\"14.0.0-14.1.2\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1.3\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.1\",\"11.6.5.2\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"15.0.0-15.0.1\",\"14.0.0-14.1.2\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1.3\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.1\",\"11.6.5.2\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"15.0.0-15.0.1\",\"14.0.0-14.1.2\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1.3\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.1\",\"11.6.5.2\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"15.0.0-15.0.1\",\"14.0.0-14.1.2\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1.3\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.1\",\"11.6.5.2\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"15.0.0-15.0.1\",\"14.0.0-14.1.2\",\"13.0.0-13.1.3\",\"12.1.0-12.1.5\",\"11.5.2-11.6.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1.3\",\"14.1.2.3\",\"13.1.3.2\",\"12.1.5.1\",\"11.6.5.2\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}