Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL95434410.NASLHistoryJul 02, 2019 - 12:00 a.m.
F5 Networks BIG-IP : TMM vulnerability (K95434410)
2019-07-0200:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
45.6%
Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane. (CVE-2019-6629)
Impact
Traffic processing is disrupted while the Traffic Management Microkernel (TMM) restarts. If the affected F5 device is configured as part of a device group, the system will trigger a failover to the peer device.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K95434410.
#
# The text description of this plugin is (C) F5 Networks.
#
include('compat.inc');
if (description)
{
script_id(126410);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/13");
script_cve_id("CVE-2019-6629");
script_name(english:"F5 Networks BIG-IP : TMM vulnerability (K95434410)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"Undisclosed SSL traffic to a virtual server configured with a Client
SSL profile may cause TMM to fail and restart. The Client SSL profile
must have session tickets enabled and use DHE cipher suites to be
affected. This only impacts the data plane, there is no impact to the
control plane. (CVE-2019-6629)
Impact
Traffic processing is disrupted while the Traffic Management
Microkernel (TMM) restarts. If the affected F5 device is configured as
part of a device group, the system will trigger a failover to the peer
device.");
script_set_attribute(attribute:"see_also", value:"https://my.f5.com/manage/s/article/K95434410");
script_set_attribute(attribute:"solution", value:
"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K95434410.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6629");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/03");
script_set_attribute(attribute:"patch_publication_date", value:"2019/07/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/02");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_domain_name_system");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"F5 Networks Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
exit(0);
}
include('f5_func.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var version = get_kb_item('Host/BIG-IP/version');
if ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');
if ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');
if ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
var sol = 'K95434410';
var vmatrix = {
'AFM': {
'affected': [
'14.1.0.1-14.1.0.5'
],
'unaffected': [
'15.0.0','14.1.0.6'
],
},
'AM': {
'affected': [
'14.1.0.1-14.1.0.5'
],
'unaffected': [
'15.0.0','14.1.0.6'
],
},
'APM': {
'affected': [
'14.1.0.1-14.1.0.5'
],
'unaffected': [
'15.0.0','14.1.0.6'
],
},
'ASM': {
'affected': [
'14.1.0.1-14.1.0.5'
],
'unaffected': [
'15.0.0','14.1.0.6'
],
},
'AVR': {
'affected': [
'14.1.0.1-14.1.0.5'
],
'unaffected': [
'15.0.0','14.1.0.6'
],
},
'DNS': {
'affected': [
'14.1.0.1-14.1.0.5'
],
'unaffected': [
'15.0.0','14.1.0.6'
],
},
'GTM': {
'affected': [
'14.1.0.1-14.1.0.5'
],
'unaffected': [
'15.0.0','14.1.0.6'
],
},
'LC': {
'affected': [
'14.1.0.1-14.1.0.5'
],
'unaffected': [
'15.0.0','14.1.0.6'
],
},
'LTM': {
'affected': [
'14.1.0.1-14.1.0.5'
],
'unaffected': [
'15.0.0','14.1.0.6'
],
},
'PEM': {
'affected': [
'14.1.0.1-14.1.0.5'
],
'unaffected': [
'15.0.0','14.1.0.6'
],
},
'WAM': {
'affected': [
'14.1.0.1-14.1.0.5'
],
'unaffected': [
'15.0.0','14.1.0.6'
],
}
};
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
var extra = NULL;
if (report_verbosity > 0) extra = bigip_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
}
else
{
var tested = bigip_get_tested_modules();
var audit_extra = 'For BIG-IP module(s) ' + tested + ',';
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, 'running any of the affected modules');
}
Related
cvelist
cvelist
CVE-2019-6629
2019-07-03 17:50:02
prion
prion
Code injection
2019-07-03 18:15:00
cve
cve
CVE-2019-6629
2019-07-03 18:15:10
f5
f5
K95434410 : TMM vulnerability CVE-2019-6629
2019-07-01 00:00:00
nvd
nvd
CVE-2019-6629
2019-07-03 18:15:10
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
45.6%
Related for F5_BIGIP_SOL95434410.NASL