On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses.
Attack Vector Adjacent Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact Low
Availability Impact None
User Interaction None
No CVSS v3.0
Access Vector Adjacent Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:A/AC:L/Au:N/C:N/I:P/A:N
Vendors | Products |
---|---|
F5 |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K45644893 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: f5
Published: 2019-09-25T18:57:48
Updated: 2019-09-25T18:57:48
Reserved: 2019-01-22T00:00:00
Link: CVE-2019-6654
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-09-25T19:15:10.767
Modified: 2019-09-26T16:05:15.033
Link: CVE-2019-6654
JSON object: View
Redhat Information
No data.
CWE