K87920510 : BIG-IP mcpd vulnerability CVE-2019-6647

2019-08-0800:00:00

my.f5.com

0.001 Low

EPSS

Percentile

39.7%

JSON

Security Advisory Description

When processing authentication attempts for control-plane users, mcpd leaks a small amount of memory. Under rare conditions, attackers with access to the management interface can eventually deplete memory on the system. (CVE-2019-6647)

Impact

Repeated failed authentication attempts progressively increase memory usage, potentially leading to a fail-over event when memory is exhausted. The rate of memory use increase is small, but an attack at scale may trigger low-memory conditions eventually depleting memory and affecting the operation of the Traffic Management Microkernel (TMM) and other components.

CPENameOperatorVersion
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2

Rows per page:

1-10 of 2931

0.001 Low

EPSS

Percentile

39.7%

JSON

Related for F5:K87920510