Multiple F5 BIG-IP Products CVE-2019-6647 Memory Leak Denial of Service Vulnerability

Description

Multiple F5 BIG-IP Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause excessive memory consumption; resulting in denial-of-service conditions.

Technologies Affected

• F5 BIG-IP AAM 11.5.1
• F5 BIG-IP AAM 11.6.4
• F5 BIG-IP AAM 12.1.0
• F5 BIG-IP AAM 12.1.4
• F5 BIG-IP AAM 13.0.0
• F5 BIG-IP AAM 13.1.1
• F5 BIG-IP AAM 14.0.0
• F5 BIG-IP AAM 14.1.0
• F5 BIG-IP AFM 11.5.1
• F5 BIG-IP AFM 11.6.4
• F5 BIG-IP AFM 12.1.0
• F5 BIG-IP AFM 12.1.4
• F5 BIG-IP AFM 13.0.0
• F5 BIG-IP AFM 13.1.1
• F5 BIG-IP AFM 14.0.0
• F5 BIG-IP AFM 14.1.0
• F5 BIG-IP APM 11.5.1
• F5 BIG-IP APM 11.6.4
• F5 BIG-IP APM 12.1.0
• F5 BIG-IP APM 12.1.4
• F5 BIG-IP APM 13.0.0
• F5 BIG-IP APM 13.1.1
• F5 BIG-IP APM 14.0.0
• F5 BIG-IP APM 14.1.0
• F5 BIG-IP ASM 11.5.1
• F5 BIG-IP ASM 11.6.4
• F5 BIG-IP ASM 12.1.0
• F5 BIG-IP ASM 12.1.4
• F5 BIG-IP ASM 13.0.0
• F5 BIG-IP ASM 13.1.1
• F5 BIG-IP ASM 14.0.0
• F5 BIG-IP ASM 14.1.0
• F5 BIG-IP Analytics 11.5.1
• F5 BIG-IP Analytics 11.6.4
• F5 BIG-IP Analytics 12.1.0
• F5 BIG-IP Analytics 12.1.4
• F5 BIG-IP Analytics 13.0.0
• F5 BIG-IP Analytics 13.1.1
• F5 BIG-IP Analytics 14.0.0
• F5 BIG-IP Analytics 14.1.0
• F5 BIG-IP DNS 11.5.1
• F5 BIG-IP DNS 11.6.4
• F5 BIG-IP DNS 12.1.0
• F5 BIG-IP DNS 12.1.4
• F5 BIG-IP DNS 13.0.0
• F5 BIG-IP DNS 13.1.1
• F5 BIG-IP DNS 14.0.0
• F5 BIG-IP DNS 14.1.0
• F5 BIG-IP Edge Gateway 11.5.1
• F5 BIG-IP Edge Gateway 11.6.4
• F5 BIG-IP Edge Gateway 12.1.0
• F5 BIG-IP Edge Gateway 12.1.4
• F5 BIG-IP Edge Gateway 13.1.1
• F5 BIG-IP Edge Gateway 14.0.0
• F5 BIG-IP Edge Gateway 14.1.0
• F5 BIG-IP FPS 11.5.1
• F5 BIG-IP FPS 11.6.4
• F5 BIG-IP FPS 12.1.0
• F5 BIG-IP FPS 12.1.4
• F5 BIG-IP FPS 13.0.0
• F5 BIG-IP FPS 13.1.1
• F5 BIG-IP FPS 14.0.0
• F5 BIG-IP FPS 14.1.0
• F5 BIG-IP GTM 11.5.1
• F5 BIG-IP GTM 11.6.4
• F5 BIG-IP GTM 12.1.0
• F5 BIG-IP GTM 12.1.4
• F5 BIG-IP GTM 13.0.0
• F5 BIG-IP GTM 13.1.1
• F5 BIG-IP GTM 14.0.0
• F5 BIG-IP GTM 14.1.0
• F5 BIG-IP LTM 11.5.1
• F5 BIG-IP LTM 11.6.4
• F5 BIG-IP LTM 12.1.0
• F5 BIG-IP LTM 12.1.4
• F5 BIG-IP LTM 13.0.0
• F5 BIG-IP LTM 13.1.1
• F5 BIG-IP LTM 14.0.0
• F5 BIG-IP LTM 14.1.0
• F5 BIG-IP Link Controller 11.5.1
• F5 BIG-IP Link Controller 11.6.4
• F5 BIG-IP Link Controller 12.1.0
• F5 BIG-IP Link Controller 12.1.4
• F5 BIG-IP Link Controller 13.0.0
• F5 BIG-IP Link Controller 13.1.1
• F5 BIG-IP Link Controller 14.0.0
• F5 BIG-IP Link Controller 14.1.0
• F5 BIG-IP PEM 11.5.1
• F5 BIG-IP PEM 11.6.4
• F5 BIG-IP PEM 12.1.0
• F5 BIG-IP PEM 12.1.4
• F5 BIG-IP PEM 13.0.0
• F5 BIG-IP PEM 13.1.1
• F5 BIG-IP PEM 14.0.0
• F5 BIG-IP PEM 14.1.0
• F5 BIG-IP WebAccelerator 11.5.1
• F5 BIG-IP WebAccelerator 11.6.4
• F5 BIG-IP WebAccelerator 12.1.0
• F5 BIG-IP WebAccelerator 12.1.4
• F5 BIG-IP WebAccelerator 13.0.0
• F5 BIG-IP WebAccelerator 13.1.1
• F5 BIG-IP WebAccelerator 14.0.0
• F5 BIG-IP WebAccelerator 14.1.0

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit.

Updates are available. Please see the references or vendor advisory for more information.