ID

VAR-201909-0073


CVE

CVE-2019-6652


TITLE

BIG-IQ Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-009707

DESCRIPTION

In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS). BIG-IQ contains an authentication vulnerability. Information may be obtained and information may be altered. F5 BIG-IQ Centralized Management is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. A security vulnerability exists in F5 BIG-IQ Centralized Management versions 6.0.0 through 6.1.0. An attacker could exploit this vulnerability to gain full access to the statistics database on the BIG-IQ system. Successfully exploiting this issue may allow a malicious user to bypass certain security restrictions and perform unauthorized actions.

Trust: 1.8

sources: NVD: CVE-2019-6652 // JVNDB: JVNDB-2019-009707 // VULHUB: VHN-158087 // VULMON: CVE-2019-6652

AFFECTED PRODUCTS

vendor: f5 // model: big-iq centralized management // scope: gte // version: 6.0.0

Trust: 1.0

vendor: f5 // model: big-iq centralized management // scope: lte // version: 6.1.0

Trust: 1.0

vendor: f5 // model: big-iq centralized management // scope: eq // version: 6.0.0 to 6.1.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-009707 // NVD: CVE-2019-6652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6652
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6652
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-1108
value: MEDIUM

Trust: 0.6

VULHUB: VHN-158087
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-6652
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-6652
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-158087
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-6652
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2019-6652
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158087 // VULMON: CVE-2019-6652 // JVNDB: JVNDB-2019-009707 // CNNVD: CNNVD-201909-1108 // NVD: CVE-2019-6652

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-158087 // JVNDB: JVNDB-2019-009707 // NVD: CVE-2019-6652

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1108

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1108

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009707

PATCH

title: K23101430 // url: https://support.f5.com/csp/article/K23101430

Trust: 0.8

title: F5 BIG-IQ Centralized Management Security vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=98525

Trust: 0.6

sources: JVNDB: JVNDB-2019-009707 // CNNVD: CNNVD-201909-1108

EXTERNAL IDS

db: NVD // id: CVE-2019-6652

Trust: 2.6

db: JVNDB // id: JVNDB-2019-009707

Trust: 0.8

db: CNNVD // id: CNNVD-201909-1108

Trust: 0.7

db: AUSCERT // id: ESB-2019.3599

Trust: 0.6

db: VULHUB // id: VHN-158087

Trust: 0.1

db: VULMON // id: CVE-2019-6652

Trust: 0.1

sources: VULHUB: VHN-158087 // VULMON: CVE-2019-6652 // JVNDB: JVNDB-2019-009707 // CNNVD: CNNVD-201909-1108 // NVD: CVE-2019-6652

REFERENCES

url:https://support.f5.com/csp/article/k23101430

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6652

Trust: 1.4

url:https://support.f5.com/csp/article/k23101430?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6652

Trust: 0.8

url:https://support.f5.com/csp/article/k23101430?utm_source=f5support&utm_medium=rss

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2019.3599/

Trust: 0.6

url:https://support.f5.com/csp/article/k23101430?utm_source=f5support&utm_medium=rss

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/319.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110594

Trust: 0.1

sources: VULHUB: VHN-158087 // VULMON: CVE-2019-6652 // JVNDB: JVNDB-2019-009707 // CNNVD: CNNVD-201909-1108 // NVD: CVE-2019-6652

SOURCES

db: VULHUB // id: VHN-158087
db: VULMON // id: CVE-2019-6652
db: JVNDB // id: JVNDB-2019-009707
db: CNNVD // id: CNNVD-201909-1108
db: NVD // id: CVE-2019-6652

LAST UPDATE DATE

2024-11-23T22:44:54.378000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-158087 // date: 2023-02-03T00:00:00
db: VULMON // id: CVE-2019-6652 // date: 2020-08-24T00:00:00
db: JVNDB // id: JVNDB-2019-009707 // date: 2019-09-30T00:00:00
db: CNNVD // id: CNNVD-201909-1108 // date: 2023-02-06T00:00:00
db: NVD // id: CVE-2019-6652 // date: 2024-11-21T04:46:53.253

SOURCES RELEASE DATE

db: VULHUB // id: VHN-158087 // date: 2019-09-25T00:00:00
db: VULMON // id: CVE-2019-6652 // date: 2019-09-25T00:00:00
db: JVNDB // id: JVNDB-2019-009707 // date: 2019-09-30T00:00:00
db: CNNVD // id: CNNVD-201909-1108 // date: 2019-09-25T00:00:00
db: NVD // id: CVE-2019-6652 // date: 2019-09-25T18:15:13.353