K27400151 : SNMP vulnerability CVE-2019-6613

2019-04-3000:00:00

my.f5.com

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.2%

JSON

Security Advisory Description

SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types and is accessed using SNMPv2. (CVE-2019-6613)

Impact

An attacker with direct SNMP access to a BIG-IP system or an attacker with a privileged network position (Man-in-the-Middle) may be able to obtain the passphrases used within configuration profiles. Default configurations would not expose this issue, as remote SNMP access is disallowed by default.

CPENameOperatorVersion
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2

Rows per page:

1-10 of 2351