5.3

CVE-2019-6647

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attackers with access to the management interface could eventually deplete memory on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
F5Big-ip Local Traffic Manager Version >= 11.5.1 <= 11.6.4
F5Big-ip Local Traffic Manager Version >= 12.1.0 <= 12.1.4
F5Big-ip Local Traffic Manager Version >= 13.0.0 <= 13.1.1
F5Big-ip Local Traffic Manager Version14.0.0
F5Big-ip Local Traffic Manager Version14.1.0
F5Big-ip Advanced Firewall Manager Version >= 11.5.1 <= 11.6.4
F5Big-ip Advanced Firewall Manager Version >= 12.1.0 <= 12.1.4
F5Big-ip Advanced Firewall Manager Version >= 13.0.0 <= 13.1.1
F5Big-ip Application Acceleration Manager Version >= 11.5.1 <= 11.6.4
F5Big-ip Application Acceleration Manager Version >= 12.1.0 <= 12.1.4
F5Big-ip Application Acceleration Manager Version >= 13.0.0 <= 13.1.1
F5Big-ip Analytics Version >= 11.5.1 <= 11.6.4
F5Big-ip Analytics Version >= 12.1.0 <= 12.1.4
F5Big-ip Analytics Version >= 13.0.0 <= 13.1.1
F5Big-ip Analytics Version14.0.0
F5Big-ip Analytics Version14.1.0
F5Big-ip Access Policy Manager Version >= 11.5.1 <= 11.6.4
F5Big-ip Access Policy Manager Version >= 12.1.0 <= 12.1.4
F5Big-ip Access Policy Manager Version >= 13.0.0 <= 13.1.1
F5Big-ip Access Policy Manager Version14.0.0
F5Big-ip Access Policy Manager Version14.1.0
F5Big-ip Application Security Manager Version >= 11.5.1 <= 11.6.4
F5Big-ip Application Security Manager Version >= 12.1.0 <= 12.1.4
F5Big-ip Application Security Manager Version >= 13.0.0 <= 13.1.1
F5Big-ip Edge Gateway Version >= 11.5.1 <= 11.6.4
F5Big-ip Edge Gateway Version >= 12.1.0 <= 12.1.4
F5Big-ip Edge Gateway Version >= 13.0.0 <= 13.1.1
F5Big-ip Edge Gateway Version14.0.0
F5Big-ip Edge Gateway Version14.1.0
F5Big-ip Fraud Protection Service Version >= 11.5.1 <= 11.6.4
F5Big-ip Fraud Protection Service Version >= 12.1.0 <= 12.1.4
F5Big-ip Fraud Protection Service Version >= 13.0.0 <= 13.1.1
F5Big-ip Global Traffic Manager Version >= 11.5.1 <= 11.6.4
F5Big-ip Global Traffic Manager Version >= 12.1.0 <= 12.1.4
F5Big-ip Global Traffic Manager Version >= 13.0.0 <= 13.1.1
F5Big-ip Global Traffic Manager Version14.0.0
F5Big-ip Global Traffic Manager Version14.1.0
F5Big-ip Link Controller Version >= 11.5.1 <= 11.6.4
F5Big-ip Link Controller Version >= 12.1.0 <= 12.1.4
F5Big-ip Link Controller Version >= 13.0.0 <= 13.1.1
F5Big-ip Link Controller Version14.0.0
F5Big-ip Link Controller Version14.1.0
F5Big-ip Policy Enforcement Manager Version >= 11.5.1 <= 11.6.4
F5Big-ip Policy Enforcement Manager Version >= 12.1.0 <= 12.1.4
F5Big-ip Policy Enforcement Manager Version >= 13.0.0 <= 13.1.1
F5Big-ip Webaccelerator Version >= 11.5.1 <= 11.6.4
F5Big-ip Webaccelerator Version >= 12.1.0 <= 12.1.4
F5Big-ip Webaccelerator Version >= 13.0.0 <= 13.1.1
F5Big-ip Webaccelerator Version14.0.0
F5Big-ip Webaccelerator Version14.1.0
F5Big-ip Domain Name System Version >= 11.5.1 <= 11.6.4
F5Big-ip Domain Name System Version >= 12.1.0 <= 12.1.4
F5Big-ip Domain Name System Version >= 13.0.0 <= 13.1.1
F5Big-ip Domain Name System Version14.0.0
F5Big-ip Domain Name System Version14.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.36% 0.681
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://support.f5.com/csp/article/K87920510
Vendor Advisory