Lucene search

F5F5:K31152411

HistorySep 24, 2019 - 12:00 a.m.

K31152411 : BIG-IP Analytics vulnerability CVE-2019-6655

2019-09-2400:00:00

my.f5.com

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON

Security Advisory Description

BIG-IP platforms provisioned with AAM, AFM, Application Visibility and Reporting (AVR), APM, ASM, and/or PEM may leak sensitive data. (CVE-2019-6655)

Impact

BIG-IP (AAM, AFM, AVR, APM, ASM, PEM)

The vulnerability is only present on BIG-IP systems provisioned with AAM, AFM, AVR, APM, ASM, and/or PEM on the following interfaces:

Management Interface in versions prior to 14.0.0.
Self IP addresses with Port Lockdown configured asAllow All.

Note: The default setting forPort LockdownisAllow None.

In both of these configurations, a malicious actor may be able to connect to the affected interface to extract sensitive information on the system, including but not limited to, client and server IP addresses, client request URIs, and metadata for attacks detected by the system.

BIG-IP (LTM, DNS, Edge Gateway, FPS, GTM, Link Controller, WebAccelerator), BIG-IQ, Enterprise Manager, and F5 iWorkflow / Traffix SDC

There is no impact; these F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-ip afmeq11.5.10
big-ip afmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-ip afm	eq	11.5.10
big-ip afm	eq	11.5.2

Rows per page:

1-10 of 2821