Details of VAR-201911-0289

ID

VAR-201911-0289

CVE

CVE-2019-6665

TITLE

plural F5 Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012883

DESCRIPTION

On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic. plural F5 The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP ASM, etc. are all products of F5 Company in the United States. F5 BIG-IP ASM is a web application firewall (WAF), and F5 Enterprise Manager is a tool that provides visibility into the entire BIG-IP application delivery infrastructure and optimizes application performance. F5 BIG-IQ is a software-based cloud management solution. Security flaws exist in several F5 products. The following products and versions are affected: F5 BIG-IP ASM version 15.0.0 to version 15.0.1, version 14.1.0 to version 14.1.2, version 14.0.0 to version 14.0.1, version 13.1.0 to version 13.1.3.1 Version; BIG-IQ version 6.0.0, version 5.2.0-5.4.0; iWorkflow version 2.3.0; Enterprise Manager version 3.1.1

Trust: 1.71

sources: NVD: CVE-2019-6665 // JVNDB: JVNDB-2019-012883 // VULHUB: VHN-158100

AFFECTED PRODUCTS

vendor:	f5	model:	big-iq centralized management	scope:	eq	version:	6.0.0	Trust: 1.8
vendor:	f5	model:	iworkflow	scope:	eq	version:	2.3.0	Trust: 1.8
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	15.0.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	f5	model:	big-iq centralized management	scope:	lte	version:	5.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	13.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-iq centralized management	scope:	gte	version:	5.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	14.0.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	13.1.0 to 13.1.3.1	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.0.0 to 14.0.1	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.1.0 to 14.1.2	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	15.0.0 to 15.0.1	Trust: 0.8
vendor:	f5	model:	big-iq centralized management	scope:	eq	version:	5.2.0 to 5.4.0	Trust: 0.8
vendor:	f5	model:	enterprise manager software	scope:	eq	version:	3.1.1	Trust: 0.8

sources: JVNDB: JVNDB-2019-012883 // NVD: CVE-2019-6665

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6665
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-6665
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201911-1434
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-158100
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-6665
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158100
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6665
baseSeverity:	CRITICAL
baseScore:	9.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6665
baseSeverity:	CRITICAL
baseScore:	9.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-158100 // JVNDB: JVNDB-2019-012883 // CNNVD: CNNVD-201911-1434 // NVD: CVE-2019-6665

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-287	Trust: 0.8

sources: JVNDB: JVNDB-2019-012883 // NVD: CVE-2019-6665

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1434

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201911-1434

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012883

PATCH

title:	K26462555	url:	https://support.f5.com/csp/article/K26462555	Trust: 0.8
title:	Multiple F5 Product Authorization Issue Vulnerability Fixing Measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104717	Trust: 0.6

sources: JVNDB: JVNDB-2019-012883 // CNNVD: CNNVD-201911-1434

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6665	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-012883	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-1434	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4496.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4496.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4496	Trust: 0.6
db:	VULHUB	id:	VHN-158100	Trust: 0.1

sources: VULHUB: VHN-158100 // JVNDB: JVNDB-2019-012883 // CNNVD: CNNVD-201911-1434 // NVD: CVE-2019-6665

REFERENCES

url:	https://support.f5.com/csp/article/k26462555	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6665	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6665	Trust: 0.8
url:	https://support.f5.com/csp/article/k81557381	Trust: 0.6
url:	https://support.f5.com/csp/article/k24241590	Trust: 0.6
url:	https://support.f5.com/csp/article/k39225055	Trust: 0.6
url:	https://support.f5.com/csp/article/k11447758	Trust: 0.6
url:	https://support.f5.com/csp/article/k14703097	Trust: 0.6
url:	https://support.f5.com/csp/article/k39794285	Trust: 0.6
url:	https://support.f5.com/csp/article/k92411323	Trust: 0.6
url:	https://support.f5.com/csp/article/k79240502	Trust: 0.6
url:	https://support.f5.com/csp/article/k82781208	Trust: 0.6
url:	https://vigilance.fr/vulnerability/f5-big-ip-asm-man-in-the-middle-via-central-policy-builder-big-iq-30995	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4496.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4496.4/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4496/	Trust: 0.6

sources: VULHUB: VHN-158100 // JVNDB: JVNDB-2019-012883 // CNNVD: CNNVD-201911-1434 // NVD: CVE-2019-6665

SOURCES

db:	VULHUB	id:	VHN-158100
db:	JVNDB	id:	JVNDB-2019-012883
db:	CNNVD	id:	CNNVD-201911-1434
db:	NVD	id:	CVE-2019-6665

LAST UPDATE DATE

2024-11-23T21:36:32.745000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158100	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-012883	date:	2019-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201911-1434	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-6665	date:	2024-11-21T04:46:54.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158100	date:	2019-11-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-012883	date:	2019-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201911-1434	date:	2019-11-27T00:00:00
db:	NVD	id:	CVE-2019-6665	date:	2019-11-27T22:15:11.383