ID

VAR-201912-0103


CVE

CVE-2019-6686


TITLE

BIG-IP Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013570

DESCRIPTION

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, the Traffic Management Microkernel (TMM) might stop responding after the total number of Diameter connections and pending messages on a single virtual server has reached 32K. BIG-IP contains an input validation vulnerability. A denial-of-service (DoS) condition may result. F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. Local Traffic Manager (LTM) is one of its local traffic managers. A security vulnerability exists in F5 BIG-IP LTM. An attacker can exploit this vulnerability to make TMM generate a core file and restart, causing the BIG-IP system to fail to process traffic. The following products and versions are affected: F5 BIG-IP LTM version 15.0.0 to version 15.0.1, version 14.1.0 to version 14.1.2, version 14.0.0 to version 14.0.1, and version 13.1.0 to version 13.1.3.

Trust: 1.71

sources: NVD: CVE-2019-6686 // JVNDB: JVNDB-2019-013570 // VULHUB: VHN-158121

AFFECTED PRODUCTS

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lt, version: 13.1.3.2

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lt, version: 14.0.1.1

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lt, version: 14.1.2.1

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 13.1.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: eq, version: 13.1.0 to 13.1.3.1

Trust: 0.8

vendor: f5, model: big-ip local traffic manager, scope: eq, version: 14.0.0 to 14.0.1

Trust: 0.8

vendor: f5, model: big-ip local traffic manager, scope: eq, version: 14.1.0 to 14.1.2

Trust: 0.8

vendor: f5, model: big-ip local traffic manager, scope: eq, version: 15.0.0 to 15.0.1.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-013570 // NVD: CVE-2019-6686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6686
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6686
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201912-991
value: MEDIUM

Trust: 0.6

VULHUB: VHN-158121
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6686
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158121
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6686
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-6686
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158121 // JVNDB: JVNDB-2019-013570 // CNNVD: CNNVD-201912-991 // NVD: CVE-2019-6686

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-013570 // NVD: CVE-2019-6686

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-991

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-991

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013570

PATCH

title: K55812535, url: https://support.f5.com/csp/article/K55812535

Trust: 0.8

title: Fix for the F5 BIG-IP Local Traffic Manager input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106264

Trust: 0.6

sources: JVNDB: JVNDB-2019-013570 // CNNVD: CNNVD-201912-991

EXTERNAL IDS

db: NVD, id: CVE-2019-6686

Trust: 2.5

db: JVNDB, id: JVNDB-2019-013570

Trust: 0.8

db: CNNVD, id: CNNVD-201912-991

Trust: 0.7

db: AUSCERT, id: ESB-2019.4761

Trust: 0.6

db: AUSCERT, id: ESB-2019.4761.5

Trust: 0.6

db: AUSCERT, id: ESB-2019.4761.4

Trust: 0.6

db: VULHUB, id: VHN-158121

Trust: 0.1

sources: VULHUB: VHN-158121 // JVNDB: JVNDB-2019-013570 // CNNVD: CNNVD-201912-991 // NVD: CVE-2019-6686

REFERENCES

url:https://support.f5.com/csp/article/k55812535

Trust: 2.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6686

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6686

Trust: 0.8

url:https://support.f5.com/csp/article/k25607522

Trust: 0.6

url:https://support.f5.com/csp/article/k39604784

Trust: 0.6

url:https://support.f5.com/csp/article/k76328112

Trust: 0.6

url:https://support.f5.com/csp/article/k04897373

Trust: 0.6

url:https://support.f5.com/csp/article/k40452417

Trust: 0.6

url:https://support.f5.com/csp/article/k37890841

Trust: 0.6

url:https://vigilance.fr/vulnerability/f5-big-ip-ltm-denial-of-service-via-mrf-diameter-32k-connections-31225

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4761.5/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4761/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4761.4/

Trust: 0.6

sources: VULHUB: VHN-158121 // JVNDB: JVNDB-2019-013570 // CNNVD: CNNVD-201912-991 // NVD: CVE-2019-6686

SOURCES

db: VULHUB, id: VHN-158121
db: JVNDB, id: JVNDB-2019-013570
db: CNNVD, id: CNNVD-201912-991
db: NVD, id: CVE-2019-6686

LAST UPDATE DATE

2024-11-23T22:16:45.986000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158121, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-013570, date: 2020-01-09T00:00:00
db: CNNVD, id: CNNVD-201912-991, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-6686, date: 2024-11-21T04:46:57.333

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158121, date: 2019-12-23T00:00:00
db: JVNDB, id: JVNDB-2019-013570, date: 2020-01-09T00:00:00
db: CNNVD, id: CNNVD-201912-991, date: 2019-12-23T00:00:00
db: NVD, id: CVE-2019-6686, date: 2019-12-23T18:15:11.597