CVE-2019-6598

4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 44.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+11 more
Timeline
PublishedMar 13
Latest updateMay 13

Description

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages14 packages

NVDf5/big-ip_access_policy_manager11.5.111.5.8+4
NVDf5/big-ip_local_traffic_manager11.5.111.5.8+4
NVDf5/big-ip_global_traffic_manager11.5.111.5.8+4
NVDf5/big-ip_advanced_firewall_manager11.5.111.5.8+4

🔴Vulnerability Details

2
GHSA
GHSA-gc8m-99qv-67w4: In BIG-IP 142022-05-13
CVEList
CVE-2019-6598: In BIG-IP 142019-03-13

📋Vendor Advisories

1
F5
CVE-2019-6598: In BIG-IP 142019-03-13
CVE-2019-6598 (MEDIUM CVSS 4.3) | In BIG-IP 14.0.0-14.0.0.2 | cvebase.io