Vulnerabilities > CVE-2019-6680 - Unspecified vulnerability in F5 products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
f5
nessus

Summary

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), hardware appliances may stop responding.

Vulnerable Configurations

Part Description Count
Application
F5
1089

Nessus

NASL familyF5 Networks Local Security Checks
NASL idF5_BIGIP_SOL53183580.NASL
descriptionWhile processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), hardware appliances may stop responding. (CVE-2019-6680) Impact This issue does not impact BIG-IP Virtual Edition (VE) systems, or appliances without a high-speed bridge. On hardware platforms with a high-speed bridge, this vulnerability allows remote attackers to cause a denial of service (DoS) on the BIG-IP system. The following hardware appliances do not have a high-speed bridge and are not affected by this vulnerability. All other platforms are vulnerable. Non-vulnerable platforms : BIG-IP 2000 BIG-IP 4000 BIG-IP 3600 BIG-IP 1600 In addition, this issue only affects a standard virtual server that sends traffic to a FastL4 virtual server on the same physical BIG-IP system, and the same vCMP guest in the case of vCMP. This issue does not affect a FastL4 virtual server that sends traffic to another FastL4 virtual server, nor does it affect a FastL4 virtual server that sends traffic to a standard virtual server.
last seen2020-03-17
modified2019-12-31
plugin id132569
published2019-12-31
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/132569
titleF5 Networks BIG-IP : TMM FastL4 vulnerability (K53183580)