Multi-Path TCP Issue in BIG-IP Products by F5 Networks
CVE-2019-6594

5.9MEDIUM

Key Information:

Vendor: F5
Status: Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator)
Vendor: CVE Published:; 26 February 2019

What is CVE-2019-6594?

An issue exists in the Multi-Path TCP (MPTCP) implementation in specific versions of BIG-IP products from F5 Networks. This vulnerability occurs when the system fails to adequately manage multiple zero length DATA_FIN packets in the reassembly queue, which may result in an infinite loop under certain conditions. It is crucial for users of affected versions to be aware of this issue and implement recommended mitigations.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, 14.0.0-14.0.0.2

References

https://support.f5.com/csp/article/K91026261

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2019
Vulnerability Reserved
Jan 22, 2019