ID

VAR-201912-0104


CVE

CVE-2019-6687


TITLE

BIG-IP ASM Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013571

DESCRIPTION

On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. BIG-IP ASM contains an authentication vulnerability. Information may be obtained and information may be altered. F5 BIG-IP ASM is a Web Application Firewall (WAF) of F5 Corporation in the United States, which provides secure remote access, protects emails, simplifies Web access control, and enhances network and application performance. Attackers can exploit this vulnerability to intercept traffic sent to cloud services and to read and modify transmitted data.

Trust: 1.71

sources: NVD: CVE-2019-6687 // JVNDB: JVNDB-2019-013571 // VULHUB: VHN-158122

AFFECTED PRODUCTS

vendor: f5, model: big-ip application security manager, scope: lt, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: eq, version: 15.0.0 to 15.0.1.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-013571 // NVD: CVE-2019-6687

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-6687
value: HIGH

Trust: 1.0

NVD: CVE-2019-6687
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201912-954
value: HIGH

Trust: 0.6

VULHUB: VHN-158122
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-6687
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158122
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-6687
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-6687
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158122 // JVNDB: JVNDB-2019-013571 // CNNVD: CNNVD-201912-954 // NVD: CVE-2019-6687

PROBLEMTYPE DATA

problemtype: CWE-295

Trust: 1.1

problemtype: CWE-287

Trust: 0.8

sources: VULHUB: VHN-158122 // JVNDB: JVNDB-2019-013571 // NVD: CVE-2019-6687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-954

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201912-954

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013571

PATCH

title: K59957337, url: https://support.f5.com/csp/article/K59957337

Trust: 0.8

title: F5 BIG-IP ASM Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106262

Trust: 0.6

sources: JVNDB: JVNDB-2019-013571 // CNNVD: CNNVD-201912-954

EXTERNAL IDS

db: NVD, id: CVE-2019-6687

Trust: 2.5

db: JVNDB, id: JVNDB-2019-013571

Trust: 0.8

db: CNNVD, id: CNNVD-201912-954

Trust: 0.7

db: AUSCERT, id: ESB-2019.4744

Trust: 0.6

db: VULHUB, id: VHN-158122

Trust: 0.1

sources: VULHUB: VHN-158122 // JVNDB: JVNDB-2019-013571 // CNNVD: CNNVD-201912-954 // NVD: CVE-2019-6687

REFERENCES

url: https://support.f5.com/csp/article/k59957337

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6687

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2019-6687

Trust: 0.8

url: https://vigilance.fr/vulnerability/f5-big-ip-asm-privilege-escalation-via-cloud-security-services-x-509-certificate-31210

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2019.4744/

Trust: 0.6

sources: VULHUB: VHN-158122 // JVNDB: JVNDB-2019-013571 // CNNVD: CNNVD-201912-954 // NVD: CVE-2019-6687

SOURCES

db: VULHUB, id: VHN-158122
db: JVNDB, id: JVNDB-2019-013571
db: CNNVD, id: CNNVD-201912-954
db: NVD, id: CVE-2019-6687

LAST UPDATE DATE

2024-11-23T21:51:49.835000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158122, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-013571, date: 2020-01-09T00:00:00
db: CNNVD, id: CNNVD-201912-954, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-6687, date: 2024-11-21T04:46:57.440

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158122, date: 2019-12-23T00:00:00
db: JVNDB, id: JVNDB-2019-013571, date: 2020-01-09T00:00:00
db: CNNVD, id: CNNVD-201912-954, date: 2019-12-20T00:00:00
db: NVD, id: CVE-2019-6687, date: 2019-12-23T18:15:11.677