CVE-2019-6654: Improper Input Validation in F5 BIG-IP Domain Name System

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 67.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 25; latest update May 24

Description

On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (as defined in RFC 1812, section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (15 packages)

NVD  f5/big-ip_domain_name_system  11.5.1 - 11.6.5  +3
NVD  f5/big-ip_link_controller  11.5.1 - 11.6.5  +3
NVD  f5/big-ip_policy_enforcement_manager  11.5.1 - 11.6.5  +3
NVD  f5/big-ip_analytics  11.5.1 - 11.6.5  +3
NVD  f5/big-ip_edge_gateway  11.5.1 - 11.6.5  +3

🔴 Vulnerability Details (2)

GHSA
GHSA-23qw-44cq-68w7: On versions 14 (2022-05-24)
CVEList
CVE-2019-6654: On versions 14 (2019-09-25)

📋 Vendor Advisories (1)

F5
CVE-2019-6654: On versions 14 (2019-09-25)
CVE-2019-6654 — Improper Input Validation in F5 | cvebase