On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses.
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K45644893 | Vendor Advisory |
https://support.f5.com/csp/article/K45644893 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
Configuration 13 (hide)
|
History
21 Nov 2024, 04:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.f5.com/csp/article/K45644893 - Vendor Advisory |
Information
Published : 2019-09-25 19:15
Updated : 2024-11-21 04:46
NVD link : CVE-2019-6654
Mitre link : CVE-2019-6654
CVE.ORG link : CVE-2019-6654
JSON object : View
Products Affected
f5
- big-ip_application_security_manager
- big-ip_application_acceleration_manager
- big-ip_global_traffic_manager
- big-ip_policy_enforcement_manager
- big-ip_edge_gateway
- big-ip_fraud_protection_service
- big-ip_link_controller
- big-ip_domain_name_system
- big-ip_local_traffic_manager
- big-ip_webaccelerator
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- big-ip_analytics
CWE
CWE-20
Improper Input Validation