Improper Input Validation in F5 BIG-IP ASM and BIG-IQ
CVE-2019-6665

9.4CRITICAL

Key Information:

Vendor: F5
Status: Big-ip Asm; Big-iq; Iworkflow; Enterprise Manager
Vendor: CVE Published:; 27 November 2019

Summary

The vulnerability in F5 BIG-IP ASM and BIG-IQ allows an attacker with access to the communication channel to manipulate the traffic between Central Policy Builder and the management components. This situation arises due to improper input validation, enabling potential interception of sensitive data during the communication process.

Affected Version(s)

BIG-IP ASM 15.0.0-15.0.1

BIG-IP ASM 14.1.0-14.1.2

BIG-IP ASM 14.0.0-14.0.1

References

https://support.f5.com/csp/article/K26462555

x_refsource_CONFIRM

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 27, 2019
Vulnerability Reserved
Jan 22, 2019