Vulnerabilities > CVE-2019-6681 - Memory Leak vulnerability in F5 Big-Ip Local Traffic Manager

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

CWE-401

nessus

NVD

Published: 2019-12-23

Updated: 2021-07-21

Summary

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Local Traffic Manager 12.1.0 F5 BIG IP Local Traffic Manager 12.1.1 F5 BIG IP Local Traffic Manager 12.1.2 F5 BIG IP Local Traffic Manager 12.1.3 F5 BIG IP Local Traffic Manager 12.1.3.1 F5 BIG IP Local Traffic Manager 12.1.3.2 F5 BIG IP Local Traffic Manager 12.1.3.3 F5 BIG IP Local Traffic Manager 12.1.3.4 F5 BIG IP Local Traffic Manager 12.1.3.5 F5 BIG IP Local Traffic Manager 12.1.3.6 F5 BIG IP Local Traffic Manager 12.1.3.7 F5 BIG IP Local Traffic Manager 12.1.4 F5 BIG IP Local Traffic Manager 12.1.4.1 F5 BIG IP Local Traffic Manager 12.1.4.1.0.97.6 F5 BIG IP Local Traffic Manager 12.1.4.2 F5 BIG IP Local Traffic Manager 14.1.0 F5 BIG IP Local Traffic Manager 14.1.0.1 F5 BIG IP Local Traffic Manager 14.1.0.2 F5 BIG IP Local Traffic Manager 14.1.0.2.0.45.4 F5 BIG IP Local Traffic Manager 14.1.0.2.0.62.4 F5 BIG IP Local Traffic Manager 14.1.0.3 F5 BIG IP Local Traffic Manager 14.1.0.3.0.79.6 F5 BIG IP Local Traffic Manager 14.1.0.3.0.97.6 F5 BIG IP Local Traffic Manager 14.1.0.3.0.99.6 F5 BIG IP Local Traffic Manager 14.1.0.5 F5 BIG IP Local Traffic Manager 14.1.0.5.0.15.5 F5 BIG IP Local Traffic Manager 14.1.0.5.0.36.5 F5 BIG IP Local Traffic Manager 14.1.0.5.0.40.5 F5 BIG IP Local Traffic Manager 14.1.0.6 F5 BIG IP Local Traffic Manager 14.1.0.6.0.11.9 F5 BIG IP Local Traffic Manager 14.1.0.6.0.14.9 F5 BIG IP Local Traffic Manager 14.1.0.6.0.68.9 F5 BIG IP Local Traffic Manager 14.1.0.6.0.70.9 F5 BIG IP Local Traffic Manager 14.1.2 F5 BIG IP Local Traffic Manager 14.1.2-0.0.37 F5 BIG IP Local Traffic Manager 14.1.2-0.89.37 F5 BIG IP Local Traffic Manager 14.1.2.0.11.37 F5 BIG IP Local Traffic Manager 14.1.2.0.18.37 F5 BIG IP Local Traffic Manager 14.1.2.0.32.37 F5 BIG IP Local Traffic Manager 14.0.0 F5 BIG IP Local Traffic Manager 14.0.0.2 F5 BIG IP Local Traffic Manager 14.0.0.3 F5 BIG IP Local Traffic Manager 14.0.0.4 F5 BIG IP Local Traffic Manager 14.0.0.5 F5 BIG IP Local Traffic Manager 14.0.1 F5 BIG IP Local Traffic Manager 13.1.0 F5 BIG IP Local Traffic Manager 13.1.0.0 F5 BIG IP Local Traffic Manager 13.1.0.1 F5 BIG IP Local Traffic Manager 13.1.0.2 F5 BIG IP Local Traffic Manager 13.1.0.3 F5 BIG IP Local Traffic Manager 13.1.0.4 F5 BIG IP Local Traffic Manager 13.1.0.5 F5 BIG IP Local Traffic Manager 13.1.0.6 F5 BIG IP Local Traffic Manager 13.1.0.7 F5 BIG IP Local Traffic Manager 13.1.0.8 F5 BIG IP Local Traffic Manager 13.1.1 F5 BIG IP Local Traffic Manager 13.1.1.1 F5 BIG IP Local Traffic Manager 13.1.1.2 F5 BIG IP Local Traffic Manager 13.1.1.3 F5 BIG IP Local Traffic Manager 13.1.1.4 F5 BIG IP Local Traffic Manager 13.1.1.5 F5 BIG IP Local Traffic Manager 13.1.2 F5 BIG IP Local Traffic Manager 13.1.3 F5 BIG IP Local Traffic Manager 13.1.3.1 F5 BIG IP Local Traffic Manager 15.0.0 F5 BIG IP Local Traffic Manager 15.0.1 F5 BIG IP Local Traffic Manager 15.0.1.1 F5 BIG IP Local Traffic Manager 15.0.1.2 F5 BIG IP Local Traffic Manager 15.1.0	72

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Nessus

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL93417064.NASL
description	Memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted. (CVE-2019-6681) Impact A BIG-IP system licensed with the ZebOS dynamic routing and multicast routing bundle, configured with (static or dynamic) multicast routes that use the Multicast Forwarding Cache (MFC), may experience a memory leak in the tmrouted process, exhaust system resources, restart, and cause a disruption of service. MFC is used for forwarding packets matching multicast routes and is used by static and dynamic multicast routing protocols. Note : ZebOS dynamic routing and multicast routing bundle licenses are required. Vulnerable configurations consist of static multicast routes or dynamic multicast routing protocols configured, such as Protocol Independent Multicasting (PIM). For more information about PIM multicast routing configurations, refer to the BIG-IP Advanced Routing Multicast Configuration Guide . For information about multicast static route creation, refer to the ip mroute command section in the BIG-IPAdvanced Routing Network Services Manager Command Line Interface Reference Guide . Note : For information about how to locate F5 product manuals, refer to K98133564: Tips for searching AskF5 and finding product documentation.
last seen	2020-03-17
modified	2019-12-31
plugin id	132580
published	2019-12-31
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132580
title	F5 Networks BIG-IP : MFC vulnerability (K93417064)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution K93417064. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(132580); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09"); script_cve_id("CVE-2019-6681"); script_name(english:"F5 Networks BIG-IP : MFC vulnerability (K93417064)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "Memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted. (CVE-2019-6681) Impact A BIG-IP system licensed with the ZebOS dynamic routing and multicast routing bundle, configured with (static or dynamic) multicast routes that use the Multicast Forwarding Cache (MFC), may experience a memory leak in the tmrouted process, exhaust system resources, restart, and cause a disruption of service. MFC is used for forwarding packets matching multicast routes and is used by static and dynamic multicast routing protocols. Note : ZebOS dynamic routing and multicast routing bundle licenses are required. Vulnerable configurations consist of static multicast routes or dynamic multicast routing protocols configured, such as Protocol Independent Multicasting (PIM). For more information about PIM multicast routing configurations, refer to the BIG-IP Advanced Routing Multicast Configuration Guide . For information about multicast static route creation, refer to the ip mroute command section in the BIG-IPAdvanced Routing Network Services Manager Command Line Interface Reference Guide . Note : For information about how to locate F5 product manuals, refer to K98133564: Tips for searching AskF5 and finding product documentation." ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K93417064" ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K98133564" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution K93417064." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6681"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/23"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "K93417064"; vmatrix = make_array(); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("15.0.0-15.0.1","14.1.0-14.1.2","14.0.0-14.0.1","13.1.0-13.1.3","12.1.0-12.1.5"); vmatrix["LTM"]["unaffected"] = make_list("15.1.0","14.1.2.1","14.0.1.1","13.1.3.2","12.1.5.1"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get()); else security_hole(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running the affected module LTM"); }

References

https://support.f5.com/csp/article/K93417064