Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P
Vendors Products
F5
  • Big-ip Edge Gateway
  • Big-ip Policy Enforcement Manager
  • Big-ip Analytics
  • Big-ip Access Policy Manager
  • Big-ip Link Controller
  • Big-ip Webaccelerator
  • Big-ip Application Acceleration Manager
  • Big-ip Fraud Protection Service
  • Big-ip Domain Name System
  • Big-ip Global Traffic Manager
  • Big-ip Advanced Firewall Manager
  • Big-ip Local Traffic Manager
  • Big-ip Application Security Manager

Configuration 1 [-]

OR cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:14.1.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0:*:*:*:*:*:*:*

Configuration 8 [-]

OR cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0:*:*:*:*:*:*:*

Configuration 9 [-]

OR cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0:*:*:*:*:*:*:*

Configuration 10 [-]

OR cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:14.1.0:*:*:*:*:*:*:*

Configuration 11 [-]

OR cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0:*:*:*:*:*:*:*

Configuration 12 [-]

OR cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0:*:*:*:*:*:*:*

Configuration 13 [-]

OR cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0:*:*:*:*:*:*:*
References
Link Resource
https://support.f5.com/csp/article/K75532331 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: f5

Published: 2019-09-04T16:58:45

Updated: 2019-09-04T16:58:45

Reserved: 2019-01-22T00:00:00

Link: CVE-2019-6644

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2019-09-04T17:15:11.520

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-6644

JSON object: View

cve-icon Redhat Information

No data.

CWE