CVE-2019-6637

Published: Jul 3, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of "Guest" or greater privilege. Note: "No Access" cannot login so technically it's a role but a user with this access role cannot perform the attack.

Affected (4)

Products: F5: Big Ip Application Security Manager

1 product

Big Ip Application Security Manager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Application Security Manager	From 12.1.0 to 12.1.4.1
F5 Big Ip Application Security Manager	From 13.0.0 to 13.1.1.5
F5 Big Ip Application Security Manager	From 14.0.0 to 14.0.0.5
F5 Big Ip Application Security Manager	From 14.1.0 to 14.1.0.6

References (4)

http://www.securityfocus.com/bid/109091

Source: f5sirt@f5.com

Third Party AdvisoryVDB Entry

https://support.f5.com/csp/article/K29149494

Source: f5sirt@f5.com

Vendor Advisory

http://www.securityfocus.com/bid/109091

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.f5.com/csp/article/K29149494

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.