F5:K55655944
History: Nov 25, 2019 - 12:00 a.m.

K55655944 : BIG-IP Engineering Hotfix authentication bypass vulnerability CVE-2019-6675

2019-11-25 00:00:00
my.f5.com

AI Score: 9.6 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 53.1%)

Security Advisory Description

BIG-IP configurations that use Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability that allows an authentication bypass. This can result in a complete compromise of the system. This issue impacts only specific engineering hotfixes using the aforementioned authentication configuration. (CVE-2019-6675)

Impact

Remote users authenticating to the BIG-IP system using LDAP, Active Directory, or Client Certificate LDAP are able to log in with incorrect credentials, resulting in a complete compromise of the BIG-IP system.

Important: This vulnerability impacts only BIG-IP Engineering Hotfixes you obtained from F5 Support. Refer to the table in the following section for the list of affected versions. To verify whether you are running an affected version from this list, perform the procedure in the Recommended Actions section. This vulnerability does not affect any of the BIG-IP major, minor, or maintenance releases you obtained from downloads.f5.com.
