CVE-2019-6613: On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission…

medium5.3CVSS 3.1

AVNACLPRNUINSUCLINAN

On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types and is accessed using SNMPv2.

Affected

65 ranges· showing 25

Vendor	Product	Version range	Fixed in
f5	big-ip_aam	—	—
f5	big-ip_access_policy_manager	>= 11.5.2 < 11.5.9	11.5.9
f5	big-ip_access_policy_manager	>= 11.6.1 < 11.6.4	11.6.4
f5	big-ip_access_policy_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_access_policy_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_advanced_firewall_manager	>= 11.5.2 < 11.5.9	11.5.9
f5	big-ip_advanced_firewall_manager	>= 11.6.1 < 11.6.4	11.6.4
f5	big-ip_advanced_firewall_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_advanced_firewall_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_afm	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	>= 11.5.2 < 11.5.9	11.5.9
f5	big-ip_analytics	>= 11.6.1 < 11.6.4	11.6.4
f5	big-ip_analytics	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_analytics	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_apm	—	—
f5	big-ip_application_acceleration_manager	>= 11.5.2 < 11.5.9	11.5.9
f5	big-ip_application_acceleration_manager	>= 11.6.1 < 11.6.4	11.6.4
f5	big-ip_application_acceleration_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_application_acceleration_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_application_security_manager	>= 11.5.2 < 11.5.9	11.5.9
f5	big-ip_application_security_manager	>= 11.6.1 < 11.6.4	11.6.4
f5	big-ip_application_security_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_application_security_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_asm	—	—