F5 Networks BIG-IP : BIG-IP Analytics vulnerability (K31152411)

medium Nessus Plugin ID 129312

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

BIG-IP platforms provisioned with AAM, AFM, Application Visibility and Reporting (AVR), APM, ASM, and/or PEM may leak sensitive data. (CVE-2019-6655)

Impact

BIG-IP (AAM, AFM, AVR, APM, ASM, PEM)

The vulnerability is only present on BIG-IP systems provisioned with AAM, AFM, AVR, APM, ASM, and/or PEM on the following interfaces:

Management Interface in versions prior to 14.0.0.

Self IP addresses with Port Lockdown configured as Allow All. Note: The default setting for Port Lockdown is Allow None.

In both of these configurations, a malicious actor may be able to connect to the affected interface to extract sensitive information on the system, including but not limited to, client and server IP addresses, client request URIs, and metadata for attacks detected by the system.

BIG-IP (LTM, DNS, Edge Gateway, FPS, GTM, Link Controller, WebAccelerator), BIG-IQ, Enterprise Manager, and F5 iWorkflow / Traffix SDC

There is no impact; these F5 products are not affected by this vulnerability.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K31152411.

See Also

https://my.f5.com/manage/s/article/K31152411

Plugin Details

Severity: Medium

ID: 129312

File Name: f5_bigip_SOL31152411.nasl

Version: 1.5

Type: local

Published: 9/25/2019

Updated: 11/3/2023

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-6655

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/24/2019

Vulnerability Publication Date: 9/25/2019

Reference Information

CVE: CVE-2019-6655