In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack.
No CVSS v3.1
Attack Vector Network
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact Low
User Interaction None
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
AV:N/AC:L/Au:S/C:N/I:N/A:P
Vendors | Products |
---|---|
F5 |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
Configuration 14 [-]
|
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K44603900 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: f5
Published: 2019-03-11T00:00:00
Updated: 2019-03-13T21:57:01
Reserved: 2019-01-22T00:00:00
Link: CVE-2019-6598
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-13T22:29:00.473
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-6598
JSON object: View
Redhat Information
No data.
CWE