CVE-2019-6634 — MEDIUM (6.5)

Q: How severe is CVE-2019-6634?

CVE-2019-6634 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-6634?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.

Vulnerability Description

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
F5	Big-Ip Local Traffic Manager	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Application Acceleration Manager	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Advanced Firewall Manager	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Analytics	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Access Policy Manager	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Application Security Manager	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Domain Name System	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Edge Gateway	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Global Traffic Manager	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Link Controller	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Policy Enforcement Manager	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Webaccelerator	>= 12.1.0, < 12.1.4.1
F5	Big-Ip Fraud Protection Service	>= 12.1.0, < 12.1.4.1

References

http://www.securityfocus.com/bid/109104Third Party AdvisoryVDB Entry
https://support.f5.com/csp/article/K64855220Vendor Advisory
http://www.securityfocus.com/bid/109104Third Party AdvisoryVDB Entry
https://support.f5.com/csp/article/K64855220Vendor Advisory

FAQ

What is CVE-2019-6634?

CVE-2019-6634 is a vulnerability with a CVSS score of 6.5 (MEDIUM). On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with ...

How severe is CVE-2019-6634?

CVE-2019-6634 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6634?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.