F5 SSL Orchestrator Vulnerability Leading to Potential DoS in Service-Chaining Configurations
CVE-2019-6674

7.5HIGH

Key Information:

Vendor: F5
Status: Ssl Orchestrator
Vendor: CVE Published:; 27 November 2019

What is CVE-2019-6674?

An issue has been identified in F5 SSL Orchestrator that can lead to a Denial of Service (DoS) condition. Specifically, versions 15.0.0 to 15.0.1 and 14.0.0 to 14.1.2 may experience a crash in the Traffic Management Microkernel (TMM) when processing SSL Orchestrator data within a service-chaining configuration. This vulnerability could disrupt the normal operation of affected systems, highlighting the need for timely updates and appropriate protective measures. For detailed information, refer to the official documentation.

Affected Version(s)

SSL Orchestrator 15.0.0-15.0.1

SSL Orchestrator 14.0.0-14.1.2

References

https://support.f5.com/csp/article/K21135478

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 27, 2019
Vulnerability Reserved
Jan 22, 2019

JSON