CVE-2019-6634F5 Big-ip Analytics vulnerability

4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 43.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+11 more
Timeline
PublishedJul 3
Latest updateMay 24

Description

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages14 packages

NVDf5/big-ip_analytics12.1.012.1.4.1+3
NVDf5/big-ip_edge_gateway12.1.012.1.4.1+3
NVDf5/big-ip_webaccelerator12.1.012.1.4.1+3
NVDf5/big-ip_link_controller12.1.012.1.4.1+3
NVDf5/big-ip_domain_name_system12.1.012.1.4.1+3

🔴Vulnerability Details

2
GHSA
GHSA-hj82-g697-8wqp: On BIG-IP 142022-05-24
CVEList
CVE-2019-6634: On BIG-IP 142019-07-03

📋Vendor Advisories

1
F5
CVE-2019-6634: On BIG-IP 142019-07-03
CVE-2019-6634 — F5 Big-ip Analytics vulnerability | cvebase