ID CVE-2019-6637
Summary On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, application logic abuse of ASM REST endpoints can lead to instability of the BIG-IP system. Exploitation of this issue causes excessive memory consumption, which results in the Linux kernel triggering the OOM killer on arbitrary processes. The attack requires an authenticated user with the role of "Guest" or greater privilege. Note: "No Access" is technically a role, but a user with this role cannot log in and therefore cannot perform the attack.
References
Vulnerable Configurations
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:12.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:hf1:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:hf2:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:hf3:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.3.0.79.6:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.3.0.97.6:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.3.0.99.6:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.5.0.15.5:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.5.0.36.5:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.5.0.40.5:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
refmap via4
bid 109091
confirm https://support.f5.com/csp/article/K29149494
Last major update 24-08-2020 - 17:37
Published 03-07-2019 - 19:15
Last modified 24-08-2020 - 17:37