Vulnerabilities > CVE-2019-6655 - Unspecified vulnerability in F5 products

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
f5
nessus

Summary

On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms where AVR, ASM, APM, PEM, AFM, and/or AAM is provisioned may leak sensitive data.

Vulnerable Configurations

Part Description Count
Application
F5
238

Nessus

NASL familyF5 Networks Local Security Checks
NASL idF5_BIGIP_SOL31152411.NASL
descriptionBIG-IP platforms provisioned with AAM, AFM,Application Visibility and Reporting (AVR), APM, ASM, and/or PEM may leak sensitive data. (CVE-2019-6655) Impact BIG-IP (AAM, AFM, AVR, APM, ASM, PEM) The vulnerability is only present on BIG-IP systems provisioned with AAM, AFM, AVR, APM, ASM, and/or PEM on the following interfaces : Management Interface in versions prior to 14.0.0. Self IP addresseswith Port Lockdown configured as Allow All . Note : The default setting for Port Lockdown is Allow None . In both of these configurations, a malicious actor may be able to connect to the affected interface to extract sensitive information on the system, including but not limited to, client and server IP addresses, client request URIs, and metadata for attacks detected by the system. BIG-IP (LTM, DNS, Edge Gateway, FPS, GTM, Link Controller, WebAccelerator), BIG-IQ, Enterprise Manager, and F5 iWorkflow / Traffix SDC There is no impact; these F5 products are not affected by this vulnerability.
last seen2020-06-01
modified2020-06-02
plugin id129312
published2019-09-25
reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/129312
titleF5 Networks BIG-IP : BIG-IP Analytics vulnerability (K31152411)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K31152411.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(129312);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/24");

  script_cve_id("CVE-2019-6655");

  script_name(english:"F5 Networks BIG-IP : BIG-IP Analytics vulnerability (K31152411)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"BIG-IP platforms provisioned with AAM, AFM,Application Visibility and
Reporting (AVR), APM, ASM, and/or PEM may leak sensitive data.
(CVE-2019-6655)

Impact

BIG-IP (AAM, AFM, AVR, APM, ASM, PEM)

The vulnerability is only present on BIG-IP systems provisioned with
AAM, AFM, AVR, APM, ASM, and/or PEM on the following interfaces :

Management Interface in versions prior to 14.0.0.

Self IP addresseswith Port Lockdown configured as Allow All . Note :
The default setting for Port Lockdown is Allow None .

In both of these configurations, a malicious actor may be able to
connect to the affected interface to extract sensitive information on
the system, including but not limited to, client and server IP
addresses, client request URIs, and metadata for attacks detected by
the system.

BIG-IP (LTM, DNS, Edge Gateway, FPS, GTM, Link Controller,
WebAccelerator), BIG-IQ, Enterprise Manager, and F5 iWorkflow /
Traffix SDC

There is no impact; these F5 products are not affected by this
vulnerability."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K31152411"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K31152411."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");

  exit(0);
}


include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "K31152411";
vmatrix = make_array();

if (report_paranoia < 2) audit(AUDIT_PARANOID);

# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected"  ] = make_list("13.1.0","12.1.0-12.1.4","11.6.1-11.6.4","11.5.2-11.5.9");
vmatrix["AFM"]["unaffected"] = make_list("14.0.0","13.1.0.2","12.1.5","11.6.5","11.5.10");

# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected"  ] = make_list("13.1.0","12.1.0-12.1.4","11.6.1-11.6.4","11.5.2-11.5.9");
vmatrix["AM"]["unaffected"] = make_list("14.0.0","13.1.0.2","12.1.5","11.6.5","11.5.10");

# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected"  ] = make_list("13.1.0","12.1.0-12.1.4","11.6.1-11.6.4","11.5.2-11.5.9");
vmatrix["APM"]["unaffected"] = make_list("14.0.0","13.1.0.2","12.1.5","11.6.5","11.5.10");

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected"  ] = make_list("13.1.0","12.1.0-12.1.4","11.6.1-11.6.4","11.5.2-11.5.9");
vmatrix["ASM"]["unaffected"] = make_list("14.0.0","13.1.0.2","12.1.5","11.6.5","11.5.10");

# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected"  ] = make_list("13.1.0","12.1.0-12.1.4","11.6.1-11.6.4","11.5.2-11.5.9");
vmatrix["AVR"]["unaffected"] = make_list("14.0.0","13.1.0.2","12.1.5","11.6.5","11.5.10");

# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected"  ] = make_list("13.1.0","12.1.0-12.1.4","11.6.1-11.6.4","11.5.2-11.5.9");
vmatrix["PEM"]["unaffected"] = make_list("14.0.0","13.1.0.2","12.1.5","11.6.5","11.5.10");


if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}