CVE-2019-6641

Published Jul 3, 2019

Last updated a year ago

CVSS medium 6.5

Overview

Description: On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. The attack can only come from an authenticated user; all roles are capable of performing the attack. Unauthenticated users cannot perform this attack.
Source: f5sirt@f5.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D838747-055B-4392-8CF1-36B05D372C48",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D0A3C92-5DA0-4D7F-B936-9484ED5FBC51",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03E44756-1682-4EB8-84F2-27C10B32CEDF",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3597D2DC-7F9B-4F1A-9EBB-F99308EF9994",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "986F4025-5D78-4930-8E47-0FA2FA902685",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EE35851-30B3-4E95-A431-07D04D9B5A73",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8041DDC2-0DE0-4A48-9862-487F9F1A2C7D",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99756A5B-DC9B-4FC7-9912-A2CCDA755370",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97102397-035B-40B0-A80F-D53FCCE4E92D",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "141E24AE-DA85-4807-9302-5526F2771B54",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F955A4D6-9FC3-4D60-8DF9-44A7F783D30F",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C09BAE4-5478-4A89-88D2-4CF28233C1A2",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87D93FF1-81D1-47BF-A7DF-C43194F48E8A",
            "versionEndIncluding": "12.1.4",
            "versionStartIncluding": "12.1.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References