CVE-2019-6598 — MEDIUM (4.3)

Q: How severe is CVE-2019-6598?

CVE-2019-6598 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-6598?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.

Vulnerability Description

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack.

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
F5	Big-Ip Local Traffic Manager	>= 11.5.1, <= 11.5.8
F5	Big-Ip Application Acceleration Manager	>= 11.5.1, <= 11.5.8
F5	Big-Ip Advanced Firewall Manager	>= 11.5.1, <= 11.5.8
F5	Big-Ip Analytics	>= 11.5.1, <= 11.5.8
F5	Big-Ip Access Policy Manager	>= 11.5.1, <= 11.5.8
F5	Big-Ip Application Security Manager	>= 11.5.1, <= 11.5.8
F5	Big-Ip Domain Name System	>= 11.5.1, <= 11.5.8
F5	Big-Ip Edge Gateway	>= 11.5.1, <= 11.5.8
F5	Big-Ip Fraud Protection Service	>= 11.5.1, <= 11.5.8
F5	Big-Ip Global Traffic Manager	>= 11.5.1, <= 11.5.8
F5	Big-Ip Link Controller	>= 11.5.1, <= 11.5.8
F5	Big-Ip Policy Enforcement Manager	>= 11.5.1, <= 11.5.8
F5	Big-Ip Webaccelerator	>= 11.5.1, <= 11.5.8
F5	Enterprise Manager	3.1.1

References

https://support.f5.com/csp/article/K44603900Vendor Advisory
https://support.f5.com/csp/article/K44603900Vendor Advisory

FAQ

What is CVE-2019-6598?

CVE-2019-6598 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also ref...

How severe is CVE-2019-6598?

CVE-2019-6598 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6598?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.