CVE-2019-6684: F5 BIG-IP Access Policy Manager vulnerability

4 documents, 4 sources

Severity: 7.5 HIGH (NVD)
EPSS: 0.9% (top 24.41%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Dec 23
Latest update: May 24

Description

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of fragmentation-based attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 12 packages

NVD  f5/big-ip_analytics  13.0.0  13.1.3.2  +4
NVD  f5/big-ip_link_controller  13.0.0  13.1.3.2  +4
NVD  f5/big-ip_domain_name_system  13.0.0  13.1.3.2  +4
NVD  f5/big-ip_access_policy_manager  13.0.0  13.1.3.2  +4
NVD  f5/big-ip_local_traffic_manager  13.0.0  13.1.3.2  +4

🔴 Vulnerability Details (2)

GHSA: GHSA-2r69-jgh4-vvpm: On versions 15 (2022-05-24)
CVEList: CVE-2019-6684: On versions 15 (2019-12-23)

📋 Vendor Advisories (1)

F5: CVE-2019-6684: On versions 15 (2019-12-23)