Details of VAR-201909-0077

ID

VAR-201909-0077

CVE

CVE-2019-6650

TITLE

F5 BIG-IP ASM Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-009604

DESCRIPTION

F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings. F5 BIG-IP ASM is a Web Application Firewall (WAF) of F5 Corporation in the United States, which provides secure remote access, protects emails, simplifies Web access control, and enhances network and application performance. A security vulnerability exists in F5 BIG-IP ASM. An attacker could exploit this vulnerability to disclose sensitive information and modify system configurations. The following products and versions are affected: F5 BIG-IP ASM version 15.0.0, version 14.1.0 to version 14.1.0.6, version 14.0.0 to version 14.0.0.5, version 13.0.0 to version 13.1.1.5, version 12.1.0 Version to version 12.1.4.1, version 11.6.0 to version 11.6.4, version 11.5.1 to version 11.5.9

Trust: 1.71

sources: NVD: CVE-2019-6650 // JVNDB: JVNDB-2019-009604 // VULHUB: VHN-158085

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	15.0.0	Trust: 1.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.5.9	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.1 to 11.5.9	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.0 to 11.6.4	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.0 to 12.1.4.1	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	13.0.0 to 13.1.1.5	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.0.0 to 14.0.0.5	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.1.0 to 14.1.0.6	Trust: 0.8

sources: JVNDB: JVNDB-2019-009604 // NVD: CVE-2019-6650

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6650
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-6650
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201909-968
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-158085
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6650
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158085
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6650
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6650
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-158085 // JVNDB: JVNDB-2019-009604 // CNNVD: CNNVD-201909-968 // NVD: CVE-2019-6650

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-158085 // JVNDB: JVNDB-2019-009604 // NVD: CVE-2019-6650

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-968

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201909-968

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009604

PATCH

title:	K04280042	url:	https://support.f5.com/csp/article/K04280042	Trust: 0.8
title:	F5 BIG-IP ASM Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98454	Trust: 0.6

sources: JVNDB: JVNDB-2019-009604 // CNNVD: CNNVD-201909-968

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6650	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-009604	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-968	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3563	Trust: 0.6
db:	CNVD	id:	CNVD-2020-61642	Trust: 0.1
db:	VULHUB	id:	VHN-158085	Trust: 0.1

sources: VULHUB: VHN-158085 // JVNDB: JVNDB-2019-009604 // CNNVD: CNNVD-201909-968 // NVD: CVE-2019-6650

REFERENCES

url:	https://support.f5.com/csp/article/k04280042	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6650	Trust: 1.4
url:	https://support.f5.com/csp/article/k04280042?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6650	Trust: 0.8
url:	https://support.f5.com/csp/article/k04280042?utm_source=f5support&utm_medium=rss	Trust: 0.6
url:	https://vigilance.fr/vulnerability/f5-big-ip-asm-information-disclosure-30373	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3563/	Trust: 0.6
url:	https://support.f5.com/csp/article/k04280042?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1

sources: VULHUB: VHN-158085 // JVNDB: JVNDB-2019-009604 // CNNVD: CNNVD-201909-968 // NVD: CVE-2019-6650

SOURCES

db:	VULHUB	id:	VHN-158085
db:	JVNDB	id:	JVNDB-2019-009604
db:	CNNVD	id:	CNNVD-201909-968
db:	NVD	id:	CVE-2019-6650

LAST UPDATE DATE

2024-11-23T21:51:59.424000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158085	date:	2023-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-009604	date:	2019-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201909-968	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-6650	date:	2024-11-21T04:46:53.007

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158085	date:	2019-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-009604	date:	2019-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201909-968	date:	2019-09-20T00:00:00
db:	NVD	id:	CVE-2019-6650	date:	2019-09-20T20:15:11.443