CVE-2019-6665
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/11/2019
Last modified:
24/08/2020
Description
On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic.
Impact
Base Score 3.x
9.40
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.3.1 (including) |
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 14.0.0 (including) | 14.0.1 (including) |
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.2 (including) |
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 15.0.0 (including) | 15.0.1 (including) |
| cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* | 5.2.0 (including) | 5.4.0 (including) |
| cpe:2.3:a:f5:big-iq_centralized_management:6.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page