Search...

BIG-IP Configuration utility vulnerability CVE-2019-6597

2019-03-12T01:02:00

ID F5:K29280193
Type f5
Reporter f5
Modified 2019-09-26T19:29:00

Description

F5 Product Development has assigned ID 699452 (BIG-IP) and ID 701891 (Enterprise Manager) to this vulnerability. Additionally, F5 iHealth may list Heuristic H29280193 on the Diagnostics > Identified > Medium page.

To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table.

Product | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature
---|---|---|---|---|---|---
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | None | 14.0.0 | Medium | 6.6 | Configuration utility
13.x | 13.0.0 - 13.1.1 | 13.1.1.2
12.x | 12.1.0 - 12.1.3 | 12.1.4
11.x | 11.6.1 - 11.6.3
11.5.1 - 11.5.8 | 11.6.3.3
11.5.9
Enterprise Manager | 3.x | 3.1.1 | None | Medium | 6.6 | Configuration utility
BIG-IQ Centralized Management | 5.x | None | Not applicable | Not vulnerable | None | None
4.x | None | Not applicable
F5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None
Traffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None
4.x | None | Not applicable

1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.

F5 will not develop a fix for vulnerable products that do not already have a fixed version listed in this article, and will not update this table with subsequent vulnerable releases in the associated branches. F5 recommends that you update to more recent, non-vulnerable versions whenever feasible. For more information, refer to K4602: Overview of the F5 security vulnerability response policy.

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Fixes introduced in column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

Mitigation

None

K51812227: Understanding Security Advisory versioning

K41942608: Overview of Security Advisory articles

K4918: Overview of the F5 critical issue hotfix policy

K9502: BIG-IP hotfix and point release matrix

K167: Downloading software and firmware from F5

K9970: Subscribing to email notifications regarding F5 products

K9957: Creating a custom RSS feed to view new and updated documents

JSON Vulners Source

Initial Source

{"id": "F5:K29280193", "bulletinFamily": "software", "title": "BIG-IP Configuration utility vulnerability CVE-2019-6597", "description": "\nF5 Product Development has assigned ID 699452 (BIG-IP) and ID 701891 (Enterprise Manager) to this vulnerability. Additionally, [F5 iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H29280193 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | None | 14.0.0 | Medium | [6.6](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>) | Configuration utility \n13.x | 13.0.0 - 13.1.1 | 13.1.1.2 \n12.x | 12.1.0 - 12.1.3 | 12.1.4 \n11.x | 11.6.1 - 11.6.3 \n11.5.1 - 11.5.8 | 11.6.3.3 \n11.5.9 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.6](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>) | Configuration utility \nBIG-IQ Centralized Management | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nF5 will not develop a fix for vulnerable products that do not already have a fixed version listed in this article, and will not update this table with subsequent vulnerable releases in the associated branches. F5 recommends that you update to more recent, non-vulnerable versions whenever feasible. For more information, refer to [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "published": "2019-03-12T01:02:00", "modified": "2019-09-26T19:29:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://support.f5.com/csp/article/K29280193", "reporter": "f5", "references": [], "cvelist": ["CVE-2019-6597"], "type": "f5", "lastseen": "2020-04-06T22:40:37", "edition": 1, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-6597"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL29280193.NASL"]}], "modified": "2020-04-06T22:40:37", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2020-04-06T22:40:37", "rev": 2}, "vulnersScore": 5.7}, "affectedSoftware": [], "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T07:13:03", "description": "In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.", "edition": 9, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-03-13T22:29:00", "title": "CVE-2019-6597", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-6597"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager:13.1.1.1", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.8", "cpe:/a:f5:big-ip_access_policy_manager:11.6.3.2", "cpe:/a:f5:big-ip_webaccelerator:13.1.1.1", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.3.7", "cpe:/a:f5:big-ip_fraud_protection_service:12.1.3.7", "cpe:/a:f5:big-ip_global_traffic_manager:11.5.8", "cpe:/a:f5:big-ip_link_controller:11.6.3.2", "cpe:/a:f5:big-ip_fraud_protection_service:13.1.1.1", "cpe:/a:f5:big-ip_analytics:12.1.3.7", "cpe:/a:f5:big-ip_domain_name_system:11.5.8", "cpe:/a:f5:big-ip_access_policy_manager:12.1.3.7", "cpe:/a:f5:big-ip_access_policy_manager:11.5.8", "cpe:/a:f5:big-ip_edge_gateway:11.5.8", "cpe:/a:f5:big-ip_fraud_protection_service:11.5.8", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.3.2", "cpe:/a:f5:big-ip_webaccelerator:11.6.3.2", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.3.7", "cpe:/a:f5:big-ip_application_acceleration_manager:11.6.3.2", "cpe:/a:f5:big-ip_analytics:11.6.3.2", "cpe:/a:f5:big-ip_application_security_manager:11.5.8", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.3.7", "cpe:/a:f5:big-ip_application_security_manager:11.6.3.2", "cpe:/a:f5:big-ip_link_controller:13.1.1.1", "cpe:/a:f5:big-ip_local_traffic_manager:13.1.1.1", "cpe:/a:f5:big-ip_webaccelerator:12.1.3.7", "cpe:/a:f5:big-ip_advanced_firewall_manager:13.1.1.1", "cpe:/a:f5:big-ip_application_acceleration_manager:13.1.1.1", "cpe:/a:f5:big-ip_local_traffic_manager:11.6.3.2", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.8", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.3.2", "cpe:/a:f5:big-ip_edge_gateway:11.6.3.2", "cpe:/a:f5:big-ip_edge_gateway:12.1.3.7", "cpe:/a:f5:big-ip_fraud_protection_service:11.6.3.2", "cpe:/a:f5:big-ip_policy_enforcement_manager:13.1.1.1", "cpe:/a:f5:big-ip_analytics:11.5.8", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.3.7", "cpe:/a:f5:big-ip_domain_name_system:12.1.3.7", "cpe:/a:f5:big-ip_edge_gateway:13.1.1.1", "cpe:/a:f5:big-ip_application_security_manager:13.1.1.1", "cpe:/a:f5:big-ip_application_security_manager:12.1.3.7", "cpe:/a:f5:big-ip_analytics:13.1.1.1", "cpe:/a:f5:big-ip_application_acceleration_manager:11.5.8", "cpe:/a:f5:big-ip_domain_name_system:13.1.1.1", "cpe:/a:f5:big-ip_link_controller:12.1.3.7", "cpe:/a:f5:big-ip_webaccelerator:11.5.8", "cpe:/a:f5:big-ip_global_traffic_manager:11.6.3.2", "cpe:/a:f5:big-ip_link_controller:11.5.8", "cpe:/a:f5:enterprise_manager:3.1.1", "cpe:/a:f5:big-ip_domain_name_system:11.6.3.2", "cpe:/a:f5:big-ip_access_policy_manager:13.1.1.1", "cpe:/a:f5:big-ip_local_traffic_manager:11.5.8", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.3.7"], "id": "CVE-2019-6597", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6597", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:13.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:11.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.3.2:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2020-03-17T23:20:28", "description": "When authenticated administrative users run commands in the Traffic\nManagement User Interface (TMUI), also referred to as the BIG-IP\nConfiguration utility, restrictions on allowed commands may not be\nenforced. (CVE-2019-6597)\n\nImpact\n\nBIG-IP and Enterprise Manager\n\nThis vulnerability allows a privilege escalation for authenticated\nadministrative users.\n\nBIG-IQ, F5 iWorkflow, ARX, LineRate, and Traffix SDC\n\nThere is no impact; these F5 products are not affected by this\nvulnerability.", "edition": 7, "cvss3": {"score": 7.2, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K29280193)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6597"], "modified": "2019-03-12T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL29280193.NASL", "href": "https://www.tenable.com/plugins/nessus/122765", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K29280193.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122765);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2019-6597\");\n\n script_name(english:\"F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K29280193)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When authenticated administrative users run commands in the Traffic\nManagement User Interface (TMUI), also referred to as the BIG-IP\nConfiguration utility, restrictions on allowed commands may not be\nenforced. (CVE-2019-6597)\n\nImpact\n\nBIG-IP and Enterprise Manager\n\nThis vulnerability allows a privilege escalation for authenticated\nadministrative users.\n\nBIG-IQ, F5 iWorkflow, ARX, LineRate, and Traffix SDC\n\nThere is no impact; these F5 products are not affected by this\nvulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K29280193\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K29280193.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K29280193\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.1-11.6.3\",\"11.5.1-11.5.8\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.1.2\",\"12.1.4\",\"11.6.3.3\",\"11.5.9\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.1-11.6.3\",\"11.5.1-11.5.8\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.1.2\",\"12.1.4\",\"11.6.3.3\",\"11.5.9\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.1-11.6.3\",\"11.5.1-11.5.8\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.1.2\",\"12.1.4\",\"11.6.3.3\",\"11.5.9\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.1-11.6.3\",\"11.5.1-11.5.8\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.1.2\",\"12.1.4\",\"11.6.3.3\",\"11.5.9\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.1-11.6.3\",\"11.5.1-11.5.8\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.1.2\",\"12.1.4\",\"11.6.3.3\",\"11.5.9\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.1-11.6.3\",\"11.5.1-11.5.8\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.1.2\",\"12.1.4\",\"11.6.3.3\",\"11.5.9\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.1-11.6.3\",\"11.5.1-11.5.8\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.1.2\",\"12.1.4\",\"11.6.3.3\",\"11.5.9\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.1-11.6.3\",\"11.5.1-11.5.8\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.1.2\",\"12.1.4\",\"11.6.3.3\",\"11.5.9\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.1-11.6.3\",\"11.5.1-11.5.8\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.1.2\",\"12.1.4\",\"11.6.3.3\",\"11.5.9\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.1-11.6.3\",\"11.5.1-11.5.8\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.1.2\",\"12.1.4\",\"11.6.3.3\",\"11.5.9\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}