Lucene search

[email protected]NVD:CVE-2019-6684

HistoryDec 23, 2019 - 6:15 p.m.

CVE-2019-6684

2019-12-2318:15:11

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.7%

JSON

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of fragmentation-based attack.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerRange11.5.2–11.6.5

f5big-ip_access_policy_managerRange12.1.0–12.1.5

f5big-ip_access_policy_managerRange13.0.0–13.1.3.2

f5big-ip_access_policy_managerRange14.0.0–14.1.2.3

f5big-ip_access_policy_managerRange15.0.0–15.1.0

f5big-ip_advanced_firewall_managerRange11.5.2–11.6.5

f5big-ip_advanced_firewall_managerRange12.1.0–12.1.5

f5big-ip_advanced_firewall_managerRange13.0.0–13.1.3.2

f5big-ip_advanced_firewall_managerRange14.0.0–14.1.2.3

f5big-ip_advanced_firewall_managerRange15.0.0–15.1.0

f5big-ip_analyticsRange11.5.2–11.6.5

f5big-ip_analyticsRange12.1.0–12.1.5

f5big-ip_analyticsRange13.0.0–13.1.3.2

f5big-ip_analyticsRange14.0.0–14.1.2.3

f5big-ip_analyticsRange15.0.0–15.1.0

f5big-ip_application_acceleration_managerRange11.5.2–11.6.5

f5big-ip_application_acceleration_managerRange12.1.0–12.1.5

f5big-ip_application_acceleration_managerRange13.0.0–13.1.3.2

f5big-ip_application_acceleration_managerRange14.0.0–14.1.2.3

f5big-ip_application_acceleration_managerRange15.0.0–15.1.0

f5big-ip_application_security_managerRange11.5.2–11.6.5

f5big-ip_application_security_managerRange12.1.0–12.1.5

f5big-ip_application_security_managerRange13.0.0–13.1.3.2

f5big-ip_application_security_managerRange14.0.0–14.1.2.3

f5big-ip_application_security_managerRange15.0.0–15.1.0

f5big-ip_domain_name_systemRange11.5.2–11.6.5

f5big-ip_domain_name_systemRange12.1.0–12.1.5

f5big-ip_domain_name_systemRange13.0.0–13.1.3.2

f5big-ip_domain_name_systemRange14.0.0–14.1.2.3

f5big-ip_domain_name_systemRange15.0.0–15.1.0

f5big-ip_fraud_protection_serviceRange11.5.2–11.6.5

f5big-ip_fraud_protection_serviceRange12.1.0–12.1.5

f5big-ip_fraud_protection_serviceRange13.0.0–13.1.3.2

f5big-ip_fraud_protection_serviceRange14.0.0–14.1.2.3

f5big-ip_fraud_protection_serviceRange15.0.0–15.1.0

f5big-ip_global_traffic_managerRange11.5.2–11.6.5

f5big-ip_global_traffic_managerRange12.1.0–12.1.5

f5big-ip_global_traffic_managerRange13.0.0–13.1.3.2

f5big-ip_global_traffic_managerRange14.0.0–14.1.2.3

f5big-ip_global_traffic_managerRange15.0.0–15.1.0

f5big-ip_link_controllerRange11.5.2–11.6.5

f5big-ip_link_controllerRange12.1.0–12.1.5

f5big-ip_link_controllerRange13.0.0–13.1.3.2

f5big-ip_link_controllerRange14.0.0–14.1.2.3

f5big-ip_link_controllerRange15.0.0–15.1.0

f5big-ip_local_traffic_managerRange11.5.2–11.6.5

f5big-ip_local_traffic_managerRange12.1.0–12.1.5

f5big-ip_local_traffic_managerRange13.0.0–13.1.3.2

f5big-ip_local_traffic_managerRange14.0.0–14.1.2.3

f5big-ip_local_traffic_managerRange15.0.0–15.1.0

f5big-ip_policy_enforcement_managerRange11.5.2–11.6.5

f5big-ip_policy_enforcement_managerRange12.1.0–12.1.5

f5big-ip_policy_enforcement_managerRange13.0.0–13.1.3.2

f5big-ip_policy_enforcement_managerRange14.0.0–14.1.2.3

f5big-ip_policy_enforcement_managerRange15.0.0–15.1.0

References

support.f5.com/csp/article/K95117754

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.7%

JSON

Related for NVD:CVE-2019-6684

prion1 cve1 cvelist1 nessus1 f51