CVE-2019-6602

Published Mar 28, 2019
Last updated 4 years ago
CVSS high 7.5
Overview

Description: In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request.
Source: f5sirt@f5.com
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-203
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5917BC9C-20D5-46B1-8CAE-FF13944A6826",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CC4967B-F2FC-4A94-8A6D-469D5B9F98AA",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CBAF023-ECDC-46AA-877C-FEC138154BF9",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2749969B-5CDD-42A4-9DE3-DE111D41969F",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEF3D694-93F5-4929-A9C0-BC2D7E9C3252",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5455A25-7557-4801-BC0F-8E78149A883C",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8B08497-08EC-4841-A3CE-CD8ABFEF5776",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14E85172-80FB-4A48-A02F-B2BCEEEFD764",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E1A42AA-059E-48D2-8564-6886CB48C41A",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "961AFB08-734F-4C41-BE91-B4649B23E45F",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46F0DF62-28F9-484D-92C3-737E1A709AE8",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50165503-DAD4-4472-A029-27D378D6B3D8",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7325E534-6B65-49B8-988A-DE697261FF8E",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13414479-696D-41FB-919F-783741919610",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC16DB86-DCA7-4E8F-A14E-19CD56860700",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1A6391D-E411-472A-A714-88D435789095",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3ED5BCF6-E0BB-4EC9-B5E2-C4AF013BB074",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "288029B5-863C-492C-83A6-C206A85201ED",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18635B65-806D-4F10-A853-87F870E981F7",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73EFB5D4-2BB0-402C-8CE2-5F33A68C42AD",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBAB68BD-C800-46A8-8FC7-87AAE84EE4C4",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB73A745-E16B-4084-8CBE-FBBF8F52E72E",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "858B5DF1-A47F-467D-958D-77F5041BDB0A",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4016BD06-2BC7-4CBD-806F-2ED718E2418C",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E52F2B50-314C-4F02-AF3B-EAF8109A5B04",
            "versionEndIncluding": "11.5.8",
            "versionStartIncluding": "11.5.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD85C59D-43E8-4091-B0F6-5ACC40CC7257",
            "versionEndIncluding": "11.6.3",
            "versionStartIncluding": "11.6.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
