Nov 26, 2019 - 12:00 a.m.

K26462555 : BIG-IP ASM and BIG-IQ/Enterprise Manager/F5 iWorkflow device authentication and trust vulnerability CVE-2019-6665

2019-11-26 00:00:00
my.f5.com

AI Score: 9.2 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 57.5%)

Security Advisory Description

An attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic. (CVE-2019-6665)

Impact

BIG-IP ASM / BIG-IQ / Enterprise Manager / F5 iWorkflow

With access to the authentication token, the attacker will be able to impersonate the BIG-IP ASM Central Policy Builder and send corrupted or incorrect suggestion data to the BIG-IQ/Enterprise Manager/F5 iWorkflow. This may lead to incorrect policy building suggestions or a partial denial-of-service (DoS).

BIG-IP (LTM, AAM, AFM, Analytics, APM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) / Traffix SDC

There is no impact; these F5 products are not affected by this vulnerability.
