CVE Vulnerabilities

CVE-2019-6634

Published: Jul 03, 2019 | Modified: Aug 24, 2020
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role.

Affected Software

Name Vendor Start Version End Version
Big-ip_local_traffic_manager F5 12.1.0 (including) 12.1.4.1 (excluding)
Big-ip_local_traffic_manager F5 13.0.0 (including) 13.1.1.5 (excluding)
Big-ip_local_traffic_manager F5 14.0.0 (including) 14.0.0.5 (excluding)
Big-ip_local_traffic_manager F5 14.1.0 (including) 14.1.0.6 (excluding)

References