cvelistv5 - cve-2019-6672

CVE-2019-6672 (GCVE-0-2019-6672)

Vulnerability from cvelistv5

Published

2019-11-27 21:38

Modified

2024-08-04 20:31

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	F5	BIG-IP AFM	Version: 15.0.0-15.0.1 Version: 14.0.0-14.1.2 Version: 13.1.0-13.1.3.1

var-201911-0296

Vulnerability from variot

On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded. BIG-IP AFM Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP AFM is an advanced firewall product used to protect against DDos attacks from F5 Corporation of the United States. Security vulnerabilities exist in F5 BIG-IP AFM versions 15.0.0 through 15.0.1, 14.0.0 through 14.1.2, and 13.1.0 through 13.1.3.1. An attacker could exploit this vulnerability to cause legitimate network packet loss or delay

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0296",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3.1"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.1"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "13.1.0 to  13.1.3.1"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "14.0.0 to  14.1.2"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "15.0.0 to  15.0.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6672"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:f5:big-ip_advanced_firewall_manager",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      }
    ]
  },
  "cve": "CVE-2019-6672",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6672",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-158107",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6672",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-6672",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6672",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6672",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-1444",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158107",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1444"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6672"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded. BIG-IP AFM Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP AFM is an advanced firewall product used to protect against DDos attacks from F5 Corporation of the United States. Security vulnerabilities exist in F5 BIG-IP AFM versions 15.0.0 through 15.0.1, 14.0.0 through 14.1.2, and 13.1.0 through 13.1.3.1. An attacker could exploit this vulnerability to cause legitimate network packet loss or delay",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158107"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6672",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012889",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1444",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4496.4",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4496.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4496",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-46835",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-158107",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1444"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6672"
      }
    ]
  },
  "id": "VAR-201911-0296",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158107"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:36:32.641000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "K14703097",
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/K14703097"
      },
      {
        "title": "F5 BIG-IP AFM Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104719"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1444"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6672"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.f5.com/csp/article/k14703097"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6672"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6672"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k81557381"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k24241590"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k39225055"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k11447758"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k39794285"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k26462555"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k92411323"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k79240502"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k82781208"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4496.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4496.4/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/f5-big-ip-afm-infinite-loop-via-bad-actor-detection-30993"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4496/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1444"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6672"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-158107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1444"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6672"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158107"
      },
      {
        "date": "2019-12-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      },
      {
        "date": "2019-11-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1444"
      },
      {
        "date": "2019-11-27T22:15:11.850000",
        "db": "NVD",
        "id": "CVE-2019-6672"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158107"
      },
      {
        "date": "2019-12-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1444"
      },
      {
        "date": "2024-11-21T04:46:55.697000",
        "db": "NVD",
        "id": "CVE-2019-6672"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1444"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BIG-IP AFM Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012889"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1444"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2019-AVI-593

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.1.x antérieures à 14.1.2.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) avec les deniers correctifs de type ENG Hotfix installés ; ceux-ci sont fournis directement par le service client de F5.
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.x antérieures à 14.0.1.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.x antérieures à 11.6.5.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 15.0.x antérieures à 15.0.1.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 13.x antérieures à 13.1.3.5
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 12.x antérieures à 12.1.5

References

Title

Publication Time

ghsa-rx3r-224f-8r7p

Vulnerability from github

Published

2022-05-24 17:02

Modified

2024-04-04 02:41

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6672"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-27T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded.",
  "id": "GHSA-rx3r-224f-8r7p",
  "modified": "2024-04-04T02:41:12Z",
  "published": "2022-05-24T17:02:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6672"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K14703097"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2019-6672

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-6672

Aliases

CVE-2019-6672

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6672",
    "description": "On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded.",
    "id": "GSD-2019-6672"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6672"
      ],
      "details": "On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded.",
      "id": "GSD-2019-6672",
      "modified": "2023-12-13T01:23:49.509209Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "f5sirt@f5.com",
        "ID": "CVE-2019-6672",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BIG-IP AFM",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "15.0.0-15.0.1"
                        },
                        {
                          "version_value": "14.0.0-14.1.2"
                        },
                        {
                          "version_value": "13.1.0-13.1.3.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "F5"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "DoS"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.f5.com/csp/article/K14703097",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K14703097"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3.1",
                "versionStartIncluding": "13.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.0.1",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2019-6672"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K14703097",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K14703097"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-11-27T22:15Z"
    }
  }
}

cnvd-2020-46835

Vulnerability from cnvd

Title

F5 BIG-IP AFM输入验证错误漏洞

Description

F5 BIG-IP AFM是美国F5公司的一款用于防护DDos攻击的高级防火墙产品。 F5 BIG-IP AFM 15.0.0版本至15.0.1版本、14.0.0版本至14.1.2版本和13.1.0版本至13.1.3.1版本中存在输入验证错误漏洞，攻击者可利用该漏洞造成合法的网络数据包丢失或延迟。

Severity

中

Patch Name

F5 BIG-IP AFM输入验证错误漏洞的补丁

Patch Description

F5 BIG-IP AFM是美国F5公司的一款用于防护DDos攻击的高级防火墙产品。 F5 BIG-IP AFM 15.0.0版本至15.0.1版本、14.0.0版本至14.1.2版本和13.1.0版本至13.1.3.1版本中存在输入验证错误漏洞，攻击者可利用该漏洞造成合法的网络数据包丢失或延迟。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.f5.com/csp/article/K14703097

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-6672

Impacted products

Name
['F5 F5 BIG-IP AFM >=15.0.0，<=15.0.1', 'F5 F5 BIG-IP AFM >=14.0.0，<=14.1.2', 'F5 F5 BIG-IP AFM >=13.1.0，<=13.1.3.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6672",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-6672"
    }
  },
  "description": "F5 BIG-IP AFM\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u9632\u62a4DDos\u653b\u51fb\u7684\u9ad8\u7ea7\u9632\u706b\u5899\u4ea7\u54c1\u3002\n\nF5 BIG-IP AFM 15.0.0\u7248\u672c\u81f315.0.1\u7248\u672c\u300114.0.0\u7248\u672c\u81f314.1.2\u7248\u672c\u548c13.1.0\u7248\u672c\u81f313.1.3.1\u7248\u672c\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5408\u6cd5\u7684\u7f51\u7edc\u6570\u636e\u5305\u4e22\u5931\u6216\u5ef6\u8fdf\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.f5.com/csp/article/K14703097",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-46835",
  "openTime": "2020-08-19",
  "patchDescription": "F5 BIG-IP AFM\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u9632\u62a4DDos\u653b\u51fb\u7684\u9ad8\u7ea7\u9632\u706b\u5899\u4ea7\u54c1\u3002\r\n\r\nF5 BIG-IP AFM 15.0.0\u7248\u672c\u81f315.0.1\u7248\u672c\u300114.0.0\u7248\u672c\u81f314.1.2\u7248\u672c\u548c13.1.0\u7248\u672c\u81f313.1.3.1\u7248\u672c\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5408\u6cd5\u7684\u7f51\u7edc\u6570\u636e\u5305\u4e22\u5931\u6216\u5ef6\u8fdf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 BIG-IP AFM\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "F5 F5 BIG-IP AFM \u003e=15.0.0\uff0c\u003c=15.0.1",
      "F5 F5 BIG-IP AFM \u003e=14.0.0\uff0c\u003c=14.1.2",
      "F5 F5 BIG-IP AFM \u003e=13.1.0\uff0c\u003c=13.1.3.1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-6672",
  "serverity": "\u4e2d",
  "submitTime": "2019-12-04",
  "title": "F5 BIG-IP AFM\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

fkie_cve-2019-6672

Vulnerability from fkie_nvd

Published

2019-11-27 22:15

Modified

2024-11-21 04:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	f5sirt@f5.com	https://support.f5.com/csp/article/K14703097	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K14703097	Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_advanced_firewall_manager	*
f5	big-ip_advanced_firewall_manager	*
f5	big-ip_advanced_firewall_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2BFAF3E-5E01-4EBF-AC8C-92DDFF38EB8F",
              "versionEndIncluding": "13.1.3.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "925049D0-082E-4CED-9996-A55620A220CF",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCAE28C2-0ADD-4FD0-A520-EFB764164DD8",
              "versionEndIncluding": "15.0.1",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded."
    },
    {
      "lang": "es",
      "value": "En BIG-IP AFM versiones 15.0.0 hasta 15.0.1, 14.0.0 hasta 14.1.2 y 13.1.0 hasta 13.1.3.1, cuando la detecci\u00f3n del actor malo est\u00e1 configurada en un servidor virtual wildcard  en plataformas con sPVA basado en hardware, el rendimiento del sistema BIG-IP AFM se degrada."
    }
  ],
  "id": "CVE-2019-6672",
  "lastModified": "2024-11-21T04:46:55.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-27T22:15:11.850",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K14703097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K14703097"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-6672 (GCVE-0-2019-6672)

Vulnerability from cvelistv5

var-201911-0296

Vulnerability from variot

CERTFR-2019-AVI-593

Vulnerability from certfr_avis

Solution

ghsa-rx3r-224f-8r7p

Vulnerability from github

gsd-2019-6672

Vulnerability from gsd

cnvd-2020-46835

Vulnerability from cnvd

fkie_cve-2019-6672

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature