1. Home
  2. CVE Database
  3. CVE-2019-6654
MEDIUM · 4.3

CVE-2019-6654

On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (ma...

Vulnerability Description

On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
F5Big-Ip Local Traffic Manager>= 11.5.1, <= 11.6.5
F5Big-Ip Advanced Firewall Manager>= 11.5.1, <= 11.6.5
F5Big-Ip Application Acceleration Manager>= 11.5.1, <= 11.6.5
F5Big-Ip Analytics>= 11.5.1, <= 11.6.5
F5Big-Ip Access Policy Manager>= 11.5.1, <= 11.6.5
F5Big-Ip Application Security Manager>= 11.5.1, <= 11.6.5
F5Big-Ip Edge Gateway>= 11.5.1, <= 11.6.5
F5Big-Ip Fraud Protection Service>= 11.5.1, <= 11.6.5
F5Big-Ip Global Traffic Manager>= 11.5.1, <= 11.6.5
F5Big-Ip Link Controller>= 11.5.1, <= 11.6.5
F5Big-Ip Policy Enforcement Manager>= 11.5.1, <= 11.6.5
F5Big-Ip Webaccelerator>= 11.5.1, <= 11.6.5
F5Big-Ip Domain Name System>= 11.5.1, <= 11.6.5

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2019-6654?

CVE-2019-6654 is a vulnerability with a CVSS score of 4.3 (MEDIUM). On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (ma...

How severe is CVE-2019-6654?

CVE-2019-6654 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6654?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.