Anti DNS Pinning Vulnerability in F5 BIG-IP and BIG-IQ Products
CVE-2019-6663

5.5MEDIUM

Key Information:

Vendor: F5
Status: Big-ip, Big-iq, Iworkflow, Enterprise Manager
Vendor: CVE Published:; 15 November 2019

What is CVE-2019-6663?

F5 BIG-IP and BIG-IQ products are susceptible to an Anti DNS Pinning (DNS Rebinding) vulnerability, which may allow attackers to exploit misuse of the DNS resolution process. This flaw affects various versions of the BIG-IP and BIG-IQ configuration utilities and can potentially enable malicious actors to craft requests that can lead to unauthorized actions on behalf of legitimate users. Proper security measures should be taken to mitigate risks associated with this vulnerability.

Affected Version(s)

BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, 11.5.1-11.6.5.1

BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager BIG-IQ 7.0.0, 6.0.0-6.1.0, 5.2.0-5.4.0

BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager iWorkflow 2.3.0, Enterprise Manager 3.1.1

References

https://support.f5.com/csp/article/K76052144

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2019
Vulnerability Reserved
Jan 22, 2019