Details of VAR-201912-0101

ID

VAR-201912-0101

CVE

CVE-2019-6684

TITLE

BIG-IP Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013581

DESCRIPTION

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of fragmentation-based attack. BIG-IP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1.1, 14.0.0 to 14.1.2.2, 13.1.0 to 13.1.3.1, 12.1.0 to 12.1.5 , version 11.5.2 to version 11.6.5.1

Trust: 1.71

sources: NVD: CVE-2019-6684 // JVNDB: JVNDB-2019-013581 // VULHUB: VHN-158119

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.2.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-013581 // NVD: CVE-2019-6684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6684
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-6684
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201912-1013
value:	HIGH
Trust: 0.6
VULHUB:	VHN-158119
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6684
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158119
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6684
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6684
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-158119 // JVNDB: JVNDB-2019-013581 // CNNVD: CNNVD-201912-1013 // NVD: CVE-2019-6684

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2019-013581 // NVD: CVE-2019-6684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1013

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-1013

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013581

PATCH

title:	K95117754	url:	https://support.f5.com/csp/article/K95117754	Trust: 0.8
title:	F5 BIG-IP Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106117	Trust: 0.6

sources: JVNDB: JVNDB-2019-013581 // CNNVD: CNNVD-201912-1013

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6684	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-013581	Trust: 0.8
db:	CNNVD	id:	CNNVD-201912-1013	Trust: 0.7
db:	VULHUB	id:	VHN-158119	Trust: 0.1

sources: VULHUB: VHN-158119 // JVNDB: JVNDB-2019-013581 // CNNVD: CNNVD-201912-1013 // NVD: CVE-2019-6684

REFERENCES

url:	https://support.f5.com/csp/article/k95117754	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6684	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6684	Trust: 0.8
url:	https://vigilance.fr/vulnerability/f5-big-ip-information-disclosure-via-multi-bladed-vcmp-fragmentation-attack-31229	Trust: 0.6

sources: VULHUB: VHN-158119 // JVNDB: JVNDB-2019-013581 // CNNVD: CNNVD-201912-1013 // NVD: CVE-2019-6684

SOURCES

db:	VULHUB	id:	VHN-158119
db:	JVNDB	id:	JVNDB-2019-013581
db:	CNNVD	id:	CNNVD-201912-1013
db:	NVD	id:	CVE-2019-6684

LAST UPDATE DATE

2024-11-23T22:51:33.001000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158119	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-013581	date:	2020-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201912-1013	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-6684	date:	2024-11-21T04:46:57.120

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158119	date:	2019-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-013581	date:	2020-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201912-1013	date:	2019-12-23T00:00:00
db:	NVD	id:	CVE-2019-6684	date:	2019-12-23T18:15:11.440