Sensitive Information Exposure in F5 BIG-IP and Enterprise Manager
CVE-2019-6649

9.1CRITICAL

Key Information:

Vendor: F5 Networks
Status: Big-ip, Enterprise Manager
Vendor: CVE Published:; 20 September 2019

Summary

F5 BIG-IP and Enterprise Manager may inadvertently reveal sensitive information and enable unauthorized changes to system configurations when non-standard ConfigSync settings are employed. This can lead to potential exploitation by malicious actors who gain access to sensitive data and system controls, posing a significant security threat.

Affected Version(s)

BIG-IP, Enterprise Manager BIG-IP 15.0.0

BIG-IP, Enterprise Manager 14.1.0-14.1.0.6

BIG-IP, Enterprise Manager 14.0.0-14.0.0.5

References

https://support.f5.com/csp/article/K05123525

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2019
Vulnerability Reserved
Jan 22, 2019