CVE-2019-6603

4 documents4 sources
Severity
7.5HIGH
EPSS
0.9%
top 24.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+10 more
Timeline
PublishedMar 28
Latest updateMay 13

Description

In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages13 packages

NVDf5/big-ip_link_controller11.5.111.5.8+3
NVDf5/big-ip_fraud_protection_service11.5.111.5.8+3
NVDf5/big-ip_analytics11.5.111.5.8+3
NVDf5/big-ip_edge_gateway11.5.111.5.8+3
NVDf5/big-ip_webaccelerator11.5.111.5.8+3

🔴Vulnerability Details

2
GHSA
GHSA-5fc7-fcqx-62c8: In BIG-IP 112022-05-13
CVEList
CVE-2019-6603: In BIG-IP 112019-03-28

📋Vendor Advisories

1
F5
CVE-2019-6603: In BIG-IP 112019-03-28
CVE-2019-6603 (HIGH CVSS 7.5) | In BIG-IP 11.5.1-11.5.8 | cvebase.io