Multi-Path TCP Issue in BIG-IP Products by F5 Networks
CVE-2019-6594

5.9 MEDIUM

Summary

An issue exists in the Multi-Path TCP (MPTCP) implementation in specific versions of BIG-IP products from F5 Networks. The system fails to adequately manage multiple zero-length DATA_FIN packets in the reassembly queue, which may result in an infinite loop under certain conditions. Users of affected versions should be aware of this issue and implement recommended mitigations.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, 14.0.0-14.0.0.2

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
