cvelistv5 - cve-2019-6627

CVE-2019-6627 (GCVE-0-2019-6627)

Vulnerability from cvelistv5 – Published: 2019-07-03 17:46 – Updated: 2024-08-04 20:23

Summary

Severity ?

No CVSS data available.

CWE

Assigner

References

URL

Tags

https://support.f5.com/csp/article/K36320691

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	F5	F5 SSL Orchestrator	Affected: F5 SSL Orchestrator 14.1.0-14.1.0.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:22.166Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K36320691"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "F5 SSL Orchestrator",
          "vendor": "F5",
          "versions": [
            {
              "status": "affected",
              "version": "F5 SSL Orchestrator 14.1.0-14.1.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "DoS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-03T17:46:11",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K36320691"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2019-6627",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "F5 SSL Orchestrator",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "F5 SSL Orchestrator 14.1.0-14.1.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "F5"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DoS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K36320691",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K36320691"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2019-6627",
    "datePublished": "2019-07-03T17:46:11",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-08-04T20:23:22.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndExcluding\": \"14.1.0.6\", \"matchCriteriaId\": \"0F15CDA3-B0CA-4F4C-AD7E-CF8BA973DD41\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled.\"}, {\"lang\": \"es\", \"value\": \"En F5 SSL Orchestrator 14.1.0-14.1.0.5, en raras ocasiones, espec\\u00edficas de una determinada condici\\u00f3n de carrera, TMM puede reiniciarse cuando el proxy de reenv\\u00edo de SSL aplica la acci\\u00f3n de omisi\\u00f3n para un servidor virtual transparente SSL Orchestrator con SNAT habilitado.\"}]",
      "id": "CVE-2019-6627",
      "lastModified": "2024-11-21T04:46:50.230",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-07-03T18:15:10.693",
      "references": "[{\"url\": \"https://support.f5.com/csp/article/K36320691\", \"source\": \"f5sirt@f5.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K36320691\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "f5sirt@f5.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6627\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2019-07-03T18:15:10.693\",\"lastModified\":\"2024-11-21T04:46:50.230\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled.\"},{\"lang\":\"es\",\"value\":\"En F5 SSL Orchestrator 14.1.0-14.1.0.5, en raras ocasiones, espec\u00edficas de una determinada condici\u00f3n de carrera, TMM puede reiniciarse cuando el proxy de reenv\u00edo de SSL aplica la acci\u00f3n de omisi\u00f3n para un servidor virtual transparente SSL Orchestrator con SNAT habilitado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.0.6\",\"matchCriteriaId\":\"0F15CDA3-B0CA-4F4C-AD7E-CF8BA973DD41\"}]}]}],\"references\":[{\"url\":\"https://support.f5.com/csp/article/K36320691\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K36320691\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-XMXC-MVX2-Q963

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:10

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6627"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-03T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled.",
  "id": "GHSA-xmxc-mvx2-q963",
  "modified": "2024-04-04T01:10:53Z",
  "published": "2022-05-24T16:49:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6627"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K36320691"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2019-AVI-302

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 14.1.x antérieures à 4.1.0.6
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 12.x antérieures à 12.1.4.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 14.0.x antérieures à 14.0.0.5
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.5.x antérieures à 11.5.9
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.6.x antérieures à 11.6.4
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 13.x antérieures à 13.1.1.5

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K72335002 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K00432398 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K73522927 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K07127032 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K68151373 du 02 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K36320691 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K11330536 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K40443301 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K44885536 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K61002104 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K01413496 du 01 juillet 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 14.1.x ant\u00e9rieures \u00e0 4.1.0.6",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 12.x ant\u00e9rieures \u00e0 12.1.4.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 14.0.x ant\u00e9rieures \u00e0 14.0.0.5",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.5.x ant\u00e9rieures \u00e0 11.5.9",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.6.x ant\u00e9rieures \u00e0 11.6.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 13.x ant\u00e9rieures \u00e0 13.1.1.5",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-6623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6623"
    },
    {
      "name": "CVE-2019-6633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6633"
    },
    {
      "name": "CVE-2019-6635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6635"
    },
    {
      "name": "CVE-2019-6622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6622"
    },
    {
      "name": "CVE-2019-6632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6632"
    },
    {
      "name": "CVE-2019-6639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6639"
    },
    {
      "name": "CVE-2019-6627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6627"
    },
    {
      "name": "CVE-2019-6636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6636"
    },
    {
      "name": "CVE-2019-6624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6624"
    },
    {
      "name": "CVE-2019-6640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6640"
    },
    {
      "name": "CVE-2019-6626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6626"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-302",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K72335002 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K72335002"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K00432398 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K00432398"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K73522927 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K73522927"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K07127032 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K07127032"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K68151373 du 02 juillet 2019",
      "url": "https://support.f5.com/csp/article/K68151373"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K36320691 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K36320691"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K11330536 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K11330536"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K40443301 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K40443301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44885536 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K44885536"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K61002104 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K61002104"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K01413496 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K01413496"
    }
  ]
}

CERTFR-2019-AVI-302

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 14.1.x antérieures à 4.1.0.6
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 12.x antérieures à 12.1.4.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 14.0.x antérieures à 14.0.0.5
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.5.x antérieures à 11.5.9
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.6.x antérieures à 11.6.4
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 13.x antérieures à 13.1.1.5

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K72335002 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K00432398 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K73522927 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K07127032 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K68151373 du 02 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K36320691 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K11330536 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K40443301 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K44885536 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K61002104 du 01 juillet 2019	None	vendor-advisory
Bulletin de sécurité F5 K01413496 du 01 juillet 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 14.1.x ant\u00e9rieures \u00e0 4.1.0.6",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 12.x ant\u00e9rieures \u00e0 12.1.4.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 14.0.x ant\u00e9rieures \u00e0 14.0.0.5",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.5.x ant\u00e9rieures \u00e0 11.5.9",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.6.x ant\u00e9rieures \u00e0 11.6.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator, WebSafe) versions 13.x ant\u00e9rieures \u00e0 13.1.1.5",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-6623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6623"
    },
    {
      "name": "CVE-2019-6633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6633"
    },
    {
      "name": "CVE-2019-6635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6635"
    },
    {
      "name": "CVE-2019-6622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6622"
    },
    {
      "name": "CVE-2019-6632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6632"
    },
    {
      "name": "CVE-2019-6639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6639"
    },
    {
      "name": "CVE-2019-6627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6627"
    },
    {
      "name": "CVE-2019-6636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6636"
    },
    {
      "name": "CVE-2019-6624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6624"
    },
    {
      "name": "CVE-2019-6640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6640"
    },
    {
      "name": "CVE-2019-6626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6626"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-302",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K72335002 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K72335002"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K00432398 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K00432398"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K73522927 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K73522927"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K07127032 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K07127032"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K68151373 du 02 juillet 2019",
      "url": "https://support.f5.com/csp/article/K68151373"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K36320691 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K36320691"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K11330536 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K11330536"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K40443301 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K40443301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44885536 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K44885536"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K61002104 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K61002104"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K01413496 du 01 juillet 2019",
      "url": "https://support.f5.com/csp/article/K01413496"
    }
  ]
}

FKIE_CVE-2019-6627

Vulnerability from fkie_nvd - Published: 2019-07-03 18:15 - Updated: 2024-11-21 04:46

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	f5sirt@f5.com	https://support.f5.com/csp/article/K36320691	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K36320691	Vendor Advisory

Impacted products

	Vendor	Product	Version
	f5	ssl_orchestrator	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F15CDA3-B0CA-4F4C-AD7E-CF8BA973DD41",
              "versionEndExcluding": "14.1.0.6",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled."
    },
    {
      "lang": "es",
      "value": "En F5 SSL Orchestrator 14.1.0-14.1.0.5, en raras ocasiones, espec\u00edficas de una determinada condici\u00f3n de carrera, TMM puede reiniciarse cuando el proxy de reenv\u00edo de SSL aplica la acci\u00f3n de omisi\u00f3n para un servidor virtual transparente SSL Orchestrator con SNAT habilitado."
    }
  ],
  "id": "CVE-2019-6627",
  "lastModified": "2024-11-21T04:46:50.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-03T18:15:10.693",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K36320691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K36320691"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-6627

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-6627

Aliases

CVE-2019-6627

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6627",
    "description": "On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled.",
    "id": "GSD-2019-6627"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6627"
      ],
      "details": "On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled.",
      "id": "GSD-2019-6627",
      "modified": "2023-12-13T01:23:49.831566Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "f5sirt@f5.com",
        "ID": "CVE-2019-6627",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "F5 SSL Orchestrator",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "F5 SSL Orchestrator 14.1.0-14.1.0.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "F5"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "DoS"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.f5.com/csp/article/K36320691",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K36320691"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.1.0.6",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2019-6627"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K36320691",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K36320691"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-07-10T18:11Z",
      "publishedDate": "2019-07-03T18:15Z"
    }
  }
}

VAR-201907-0132

Vulnerability from variot - Updated: 2023-12-18 12:56

On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled. F5 SSL Orchestrator is an all-in-one device solution designed for SSL infrastructure by F5 Corporation of the United States. This product provides policy-based dynamic decryption, encryption, and flow control functions. A security vulnerability exists in F5 SSL Orchestrator version 14.1.0. An attacker can exploit this vulnerability to restart the TMM, causing traffic interruption or failover

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0132",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ssl orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0.6"
      },
      {
        "model": "ssl orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "ssl orchestrator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "14.1.0 to  14.1.0.5"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006170"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6627"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.1.0.6",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6627"
      }
    ]
  },
  "cve": "CVE-2019-6627",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-6627",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-158062",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-6627",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-6627",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-058",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158062",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158062"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006170"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6627"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-058"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled. F5 SSL Orchestrator is an all-in-one device solution designed for SSL infrastructure by F5 Corporation of the United States. This product provides policy-based dynamic decryption, encryption, and flow control functions. A security vulnerability exists in F5 SSL Orchestrator version 14.1.0. An attacker can exploit this vulnerability to restart the TMM, causing traffic interruption or failover",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6627"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006170"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158062"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6627",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006170",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-058",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2409",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-158062",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158062"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006170"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6627"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-058"
      }
    ]
  },
  "id": "VAR-201907-0132",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158062"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:56:30.821000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "K36320691",
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/k36320691"
      },
      {
        "title": "F5 BIG-IP Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94294"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006170"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-058"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158062"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006170"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6627"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.f5.com/csp/article/k36320691"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6627"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6627"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k33444350"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-29665"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2409/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158062"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006170"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6627"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-058"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-158062"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006170"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6627"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-058"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158062"
      },
      {
        "date": "2019-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006170"
      },
      {
        "date": "2019-07-03T18:15:10.693000",
        "db": "NVD",
        "id": "CVE-2019-6627"
      },
      {
        "date": "2019-07-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-058"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158062"
      },
      {
        "date": "2019-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006170"
      },
      {
        "date": "2019-07-10T18:11:26.987000",
        "db": "NVD",
        "id": "CVE-2019-6627"
      },
      {
        "date": "2019-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-058"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-058"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 SSL Orchestrator Race condition vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006170"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-058"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2019-32052

Vulnerability from cnvd - Published: 2019-09-18

Title

F5 SSL Orchestrator竞争条件问题漏洞

Description

F5 SSL Orchestrator是美国F5公司的一套为SSL基础设施设计的一体化设备解决方案该产品提供基于策略的动态解密、加密和流量控制等功能。 F5 SSL Orchestrator存在竞争条件问题漏洞。攻击者可利用该漏洞重启TMM，导致流量中断或故障切换。

Severity

中

Patch Name

F5 SSL Orchestrator竞争条件问题漏洞的补丁

Patch Description

F5 SSL Orchestrator是美国F5公司的一套为SSL基础设施设计的一体化设备解决方案该产品提供基于策略的动态解密、加密和流量控制等功能。 F5 SSL Orchestrator存在竞争条件问题漏洞。攻击者可利用该漏洞重启TMM，导致流量中断或故障切换。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.f5.com/csp/article/K36320691

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-6627

Impacted products

Name
F5 F5 SSL Orchestrator 14.1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6627",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-6627"
    }
  },
  "description": "F5 SSL Orchestrator\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4e00\u5957\u4e3aSSL\u57fa\u7840\u8bbe\u65bd\u8bbe\u8ba1\u7684\u4e00\u4f53\u5316\u8bbe\u5907\u89e3\u51b3\u65b9\u6848\u8be5\u4ea7\u54c1\u63d0\u4f9b\u57fa\u4e8e\u7b56\u7565\u7684\u52a8\u6001\u89e3\u5bc6\u3001\u52a0\u5bc6\u548c\u6d41\u91cf\u63a7\u5236\u7b49\u529f\u80fd\u3002\n\nF5 SSL Orchestrator\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u542fTMM\uff0c\u5bfc\u81f4\u6d41\u91cf\u4e2d\u65ad\u6216\u6545\u969c\u5207\u6362\u3002",
  "discovererName": "F5",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.f5.com/csp/article/K36320691",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-32052",
  "openTime": "2019-09-18",
  "patchDescription": "F5 SSL Orchestrator\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4e00\u5957\u4e3aSSL\u57fa\u7840\u8bbe\u65bd\u8bbe\u8ba1\u7684\u4e00\u4f53\u5316\u8bbe\u5907\u89e3\u51b3\u65b9\u6848\u8be5\u4ea7\u54c1\u63d0\u4f9b\u57fa\u4e8e\u7b56\u7565\u7684\u52a8\u6001\u89e3\u5bc6\u3001\u52a0\u5bc6\u548c\u6d41\u91cf\u63a7\u5236\u7b49\u529f\u80fd\u3002\r\n\r\nF5 SSL Orchestrator\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u542fTMM\uff0c\u5bfc\u81f4\u6d41\u91cf\u4e2d\u65ad\u6216\u6545\u969c\u5207\u6362\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 SSL Orchestrator\u7ade\u4e89\u6761\u4ef6\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "F5 F5 SSL Orchestrator 14.1.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-6627",
  "serverity": "\u4e2d",
  "submitTime": "2019-07-09",
  "title": "F5 SSL Orchestrator\u7ade\u4e89\u6761\u4ef6\u95ee\u9898\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-6627 (GCVE-0-2019-6627)

GHSA-XMXC-MVX2-Q963

CERTFR-2019-AVI-302

Solution

CERTFR-2019-AVI-302

Solution

FKIE_CVE-2019-6627

GSD-2019-6627

VAR-201907-0132

CNVD-2019-32052

Tags

Sightings

Nomenclature