9.4

CVE-2019-6644

EPSS 0.79%
Published 04.09.2019 17:15:11
Last modified 21.11.2024 04:46:52
Source f5sirt@f5.com
Teams watchlist Login
Open Login

Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

F5 ≫ Big-ip Local Traffic Manager Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Local Traffic Manager Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Local Traffic Manager Version14.0.0

F5 ≫ Big-ip Local Traffic Manager Version14.1.0

F5 ≫ Big-ip Advanced Firewall Manager Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Advanced Firewall Manager Version14.0.0

F5 ≫ Big-ip Advanced Firewall Manager Version14.1.0

F5 ≫ Big-ip Application Acceleration Manager Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Application Acceleration Manager Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Application Acceleration Manager Version14.0.0

F5 ≫ Big-ip Application Acceleration Manager Version14.1.0

F5 ≫ Big-ip Analytics Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Analytics Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Analytics Version14.0.0

F5 ≫ Big-ip Analytics Version14.1.0

F5 ≫ Big-ip Access Policy Manager Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Access Policy Manager Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Access Policy Manager Version14.0.0

F5 ≫ Big-ip Access Policy Manager Version14.1.0

F5 ≫ Big-ip Application Security Manager Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Application Security Manager Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Application Security Manager Version14.0.0

F5 ≫ Big-ip Application Security Manager Version14.1.0

F5 ≫ Big-ip Edge Gateway Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Edge Gateway Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Edge Gateway Version14.0.0

F5 ≫ Big-ip Edge Gateway Version14.1.0

F5 ≫ Big-ip Fraud Protection Service Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Fraud Protection Service Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Fraud Protection Service Version14.0.0

F5 ≫ Big-ip Fraud Protection Service Version14.1.0

F5 ≫ Big-ip Global Traffic Manager Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Global Traffic Manager Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Global Traffic Manager Version14.0.0

F5 ≫ Big-ip Global Traffic Manager Version14.1.0

F5 ≫ Big-ip Link Controller Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Link Controller Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Link Controller Version14.0.0

F5 ≫ Big-ip Link Controller Version14.1.0

F5 ≫ Big-ip Policy Enforcement Manager Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Policy Enforcement Manager Version14.0.0

F5 ≫ Big-ip Policy Enforcement Manager Version14.1.0

F5 ≫ Big-ip Webaccelerator Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Webaccelerator Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Webaccelerator Version14.0.0

F5 ≫ Big-ip Webaccelerator Version14.1.0

F5 ≫ Big-ip Domain Name System Version >= 12.1.3 <= 12.1.4

F5 ≫ Big-ip Domain Name System Version >= 13.0.0 <= 13.1.2

F5 ≫ Big-ip Domain Name System Version14.0.0

F5 ≫ Big-ip Domain Name System Version14.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.79%	0.716

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.4	3.9	5.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

https://support.f5.com/csp/article/K75532331

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-6644

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6644

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6644

EUVD