CVE-2019-6665

Published: Nov 27, 2019Modified: Nov 21, 2024

9.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Exploitability: 3.9 / Impact: 5.5

Source: NVD

Description

On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic.

Affected (8)

Products: F5: Big Ip Application Security Manager, Big Iq Centralized Management, Enterprise Manager, Iworkflow

4 products

Big Ip Application Security Manager

Big Iq Centralized Management

Enterprise Manager

Iworkflow

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Application Security Manager	From 13.1.0 to 13.1.3.1
F5 Big Ip Application Security Manager	From 14.0.0 to 14.0.1
F5 Big Ip Application Security Manager	From 14.1.0 to 14.1.2
F5 Big Ip Application Security Manager	From 15.0.0 to 15.0.1
F5 Big Iq Centralized Management	From 5.2.0 to 5.4.0
F5 Big Iq Centralized Management	Version 6.0.0
F5 Enterprise Manager	Version 3.1.1
F5 Iworkflow	Version 2.3.0

References (2)

https://support.f5.com/csp/article/K26462555

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K26462555

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.