Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-110588
HistorySep 25, 2019 - 12:00 a.m.

F5 BIG-IQ Centralized Management CVE-2019-6653 HTML Injection Vulnerability

2019-09-2500:00:00
Symantec Security Response
www.symantec.com
10

EPSS

0.001

Percentile

22.7%

JSON

Description

F5 BIG-IQ Centralized Management is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Technologies Affected

  • F5 BIG-IQ Centralized Management 5.2.0
  • F5 BIG-IQ Centralized Management 5.3.0
  • F5 BIG-IQ Centralized Management 5.4.0
  • F5 BIG-IQ Centralized Management 6.0.0
  • F5 BIG-IQ Centralized Management 6.0.1
  • F5 BIG-IQ Centralized Management 6.1.0

Recommendations

Block external access at the network boundary, unless external parties require service.
Use access controls to regulate external access to all services that are not intended to be publicly available.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.

Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Set web browser security to disable the execution of script code or active content.
Since a successful exploit of the issue allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.

Updates are available. Please see the references or vendor advisory for more information.

References

Related

f5 1
prion 1
cve 1
cvelist 1
nvd 1
f5
f5
K71712132 : BIG-IQ vulnerability CVE-2019-6653
2019-09-24 00:00:00
prion
prion
Cross site scripting
2019-09-25 18:15:00
cve
cve
CVE-2019-6653
2019-09-25 18:15:13
cvelist
cvelist
CVE-2019-6653
2019-09-25 18:00:09
nvd
nvd
CVE-2019-6653
2019-09-25 18:15:13

EPSS

0.001

Percentile

22.7%

JSON
Related for SMNTC-110588
f51prion1cve1cvelist1nvd1