Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-6654

On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses.

Published

2019-09-25T19:15:10.767

Last Modified

2024-11-21T04:46:53.507

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

6.5

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application f5 big-ip_local_traffic_manager ≤ 11.6.5 Yes
Application f5 big-ip_local_traffic_manager ≤ 12.1.5 Yes
Application f5 big-ip_local_traffic_manager ≤ 13.1.3 Yes
Application f5 big-ip_local_traffic_manager ≤ 14.1.2 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 11.6.5 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 12.1.5 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 13.1.3 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 14.1.2 Yes
Application f5 big-ip_application_acceleration_manager ≤ 11.6.5 Yes
Application f5 big-ip_application_acceleration_manager ≤ 12.1.5 Yes
Application f5 big-ip_application_acceleration_manager ≤ 13.1.3 Yes
Application f5 big-ip_application_acceleration_manager ≤ 14.1.2 Yes
Application f5 big-ip_analytics ≤ 11.6.5 Yes
Application f5 big-ip_analytics ≤ 12.1.5 Yes
Application f5 big-ip_analytics ≤ 13.1.3 Yes
Application f5 big-ip_analytics ≤ 14.1.2 Yes
Application f5 big-ip_access_policy_manager ≤ 11.6.5 Yes
Application f5 big-ip_access_policy_manager ≤ 12.1.5 Yes
Application f5 big-ip_access_policy_manager ≤ 13.1.3 Yes
Application f5 big-ip_access_policy_manager ≤ 14.1.2 Yes
Application f5 big-ip_application_security_manager ≤ 11.6.5 Yes
Application f5 big-ip_application_security_manager ≤ 12.1.5 Yes
Application f5 big-ip_application_security_manager ≤ 13.1.3 Yes
Application f5 big-ip_application_security_manager ≤ 14.1.2 Yes
Application f5 big-ip_edge_gateway ≤ 11.6.5 Yes
Application f5 big-ip_edge_gateway ≤ 12.1.5 Yes
Application f5 big-ip_edge_gateway ≤ 13.1.3 Yes
Application f5 big-ip_edge_gateway ≤ 14.1.2 Yes
Application f5 big-ip_fraud_protection_service ≤ 11.6.5 Yes
Application f5 big-ip_fraud_protection_service ≤ 12.1.5 Yes
Application f5 big-ip_fraud_protection_service ≤ 13.1.3 Yes
Application f5 big-ip_fraud_protection_service ≤ 14.1.2 Yes
Application f5 big-ip_global_traffic_manager ≤ 11.6.5 Yes
Application f5 big-ip_global_traffic_manager ≤ 12.1.5 Yes
Application f5 big-ip_global_traffic_manager ≤ 13.1.3 Yes
Application f5 big-ip_global_traffic_manager ≤ 14.1.2 Yes
Application f5 big-ip_link_controller ≤ 11.6.5 Yes
Application f5 big-ip_link_controller ≤ 12.1.5 Yes
Application f5 big-ip_link_controller ≤ 13.1.3 Yes
Application f5 big-ip_link_controller ≤ 14.1.2 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 11.6.5 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 12.1.5 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 13.1.3 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 14.1.2 Yes
Application f5 big-ip_webaccelerator ≤ 11.6.5 Yes
Application f5 big-ip_webaccelerator ≤ 12.1.5 Yes
Application f5 big-ip_webaccelerator ≤ 13.1.3 Yes
Application f5 big-ip_webaccelerator ≤ 14.1.2 Yes
Application f5 big-ip_domain_name_system ≤ 11.6.5 Yes
Application f5 big-ip_domain_name_system ≤ 12.1.5 Yes
Application f5 big-ip_domain_name_system ≤ 13.1.3 Yes
Application f5 big-ip_domain_name_system ≤ 14.1.2 Yes
References