Multi-Path TCP Issue in BIG-IP Products by F5 Networks
CVE-2019-6594
5.9MEDIUM
Key Information:
- Vendor
- F5
- Vendor
- CVE Published:
- 26 February 2019
Summary
An issue exists in the Multi-Path TCP (MPTCP) implementation in specific versions of BIG-IP products from F5 Networks. This vulnerability occurs when the system fails to adequately manage multiple zero length DATA_FIN packets in the reassembly queue, which may result in an infinite loop under certain conditions. It is crucial for users of affected versions to be aware of this issue and implement recommended mitigations.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, 14.0.0-14.0.0.2
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved