K40443301 : SNMP vulnerability CVE-2019-6640

2019-07-0100:00:00

my.f5.com

5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

Security Advisory Description

SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv2. (CVE-2019-6640)

Impact

An attacker with direct SNMP access to a BIG-IP system, or an attacker with a privileged network position (man-in-the-middle) may be able to obtain the passphrases used within configuration profiles. Default configurations do not expose this issue; remote SNMP access is disallowed by default.

CPENameOperatorVersion
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2

Rows per page:

1-10 of 2271