CVE-2019-6644
published 2019-09-04CVE-2019-6644: Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug…
critical9.4CVSS 3.1
AVNACLPRNUINSUCHIHAL
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.
Affected
65 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_aam | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | 12.1.3 – 12.1.4 | — |
| f5 | big-ip_access_policy_manager | 13.0.0 – 13.1.2 | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | 12.1.3 – 12.1.4 | — |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 – 13.1.2 | — |
| f5 | big-ip_afm | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | 12.1.3 – 12.1.4 | — |
| f5 | big-ip_analytics | 13.0.0 – 13.1.2 | — |
| f5 | big-ip_apm | — | — |
| f5 | big-ip_application_acceleration_manager | — | — |
| f5 | big-ip_application_acceleration_manager | — | — |
| f5 | big-ip_application_acceleration_manager | 12.1.3 – 12.1.4 | — |
| f5 | big-ip_application_acceleration_manager | 13.0.0 – 13.1.2 | — |
| f5 | big-ip_application_security_manager | — | — |
| f5 | big-ip_application_security_manager | — | — |
| f5 | big-ip_application_security_manager | 12.1.3 – 12.1.4 | — |
| f5 | big-ip_application_security_manager | 13.0.0 – 13.1.2 | — |
| f5 | big-ip_asm | — | — |