Lucene search

K
cvelistF5CVELIST:CVE-2019-6644
HistorySep 04, 2019 - 4:58 p.m.

CVE-2019-6644

2019-09-0416:58:45
f5
www.cve.org
5

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

60.2%

Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.

CNA Affected

[
  {
    "product": "BIG-IP",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4"
      }
    ]
  }
]

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

60.2%