cve-2019-6644
Vulnerability from cvelistv5
Published
2019-09-04 16:58
Modified
2024-08-04 20:23
Severity ?
EPSS score ?
Summary
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K75532331 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K75532331 | Vendor Advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K75532331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T16:58:45",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K75532331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2019-6644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K75532331",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K75532331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2019-6644",
"datePublished": "2019-09-04T16:58:45",
"dateReserved": "2019-01-22T00:00:00",
"dateUpdated": "2024-08-04T20:23:22.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"DD178DE9-510D-4CCD-81C8-59CEB93DC4CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"B963FD8C-76B4-4B7B-B216-8BF72A3FA039\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E734E1C-A92F-4394-8F33-4429161BE47C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A724B2F3-E3FA-456F-9581-0213358B654C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"8F389C5E-72D8-4A75-875A-D088DCADCBE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"9800D8A8-9156-4612-B74B-E00FEC747E5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1FDA72E-991D-4451-9C8E-E738F4D12728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4BFA5B4-AFC0-4E4C-A4E7-ED7BFDC3411F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"97E22AC0-75DC-466D-B066-AD5DAB41DD68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"C118E89F-CC6C-4426-8E9F-715551E04A30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"292EC144-CBA2-4275-9F70-4ED65A505B39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22FF4312-2711-4526-B604-796E637139E9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"28593776-BE84-432C-AB66-4CF105FCB6CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"3066A110-328A-40D6-AECC-A9CA07D7039E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"622C877B-760A-4C50-9FDF-998C010B864E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3F5F2BF-708F-40F6-9BD0-4779DE9A1785\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"97B76447-55EC-43ED-88C5-FD3A0C3D60CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"7094F0F8-3CCD-4D32-B07E-F05EF6A127DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44E8F4B6-ACF1-4F2C-A2A4-DF7382CCE628\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25DAD24A-2D43-498E-BC43-183B669EA1FD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"51FCCD73-3448-4FE5-A9CB-9EA03CF56A23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"8823CE34-0D6D-48E8-A1D4-B09A3F9447E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80509490-50DA-42F8-8A4A-A6F6B95649BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"907FEE11-DF3B-4BE7-9BAE-5F6BE20E469D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"41C1B762-CC39-4027-85AA-7491F28F3286\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"487B7EC1-3864-41AF-963A-9A156E404972\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB76D898-4C7C-40E9-8539-E2A1BC7A5A66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D185434C-67FE-4CD6-A139-BA2FCC9F8878\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"3DC8CD9E-8404-4429-A343-30CD2FC10F3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"C940F821-CEF1-4EFA-9FBF-3DB58FDB4C73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86D68F26-EF89-4016-BD3A-637951752AAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1013320D-D0EE-461E-AF90-049F82AC910E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"262803BC-D86A-4883-869A-D5B721ABA997\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"203ED650-D4D0-414C-AAC7-AD61F78CF8A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADAD6E9A-F8B5-4B2D-B687-AEAB518B8F19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BF46DCE-2603-4E61-87B8-352FF4111567\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"85942235-FE85-4AE7-A549-BDF033C16C21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"D833D6A0-7B62-4EC2-8FEC-79F1617D8341\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23E592A7-B530-4932-A81D-D1B9ABD64047\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71666E6B-8615-4D7B-9A7B-2F6D048FE086\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"B75E8C12-7F03-4C2F-8523-B9206E00DB35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"477AD9C8-D7F5-48E7-8593-1BB57165D8BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CF10213-FBE4-47A5-8EF2-B45BF15BEB6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BDE4D90-5AE4-4183-997E-188FF17D497E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"EA8B630C-D97F-4EFA-889A-9156C16139CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"536DE931-48EB-4CC8-BAD5-911B7BB3E926\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5A85C15-B821-4992-9B06-45767E7467D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE8EBE1A-2E66-4E40-8A11-8B6D21914E5F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.3\", \"versionEndIncluding\": \"12.1.4\", \"matchCriteriaId\": \"7C25287F-27A7-4DE3-9ECC-BF4EFD9C7501\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.2\", \"matchCriteriaId\": \"1F2DDCEE-2840-43D0-896E-6456A7AE3897\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7BBEC67-BD2E-49D5-8294-977D975D98D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C529A4BA-F1B7-4297-A9CC-2FF0EB2CB5AC\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.\"}, {\"lang\": \"es\", \"value\": \"Similar al problema identificado en el CVE-2018-12120, en las versiones 14.1.0 hasta 14.1.0.5, 14.0.0 hasta 14.0.0.4, 13.0.0 hasta 13.1.2 y 12.1.0 hasta 12.1.4, BIG-IP enlazar\\u00e1 un proceso nodejs de depuraci\\u00f3n a todas las interfaces cuando se invoca. Esto puede exponer el proceso a usuarios no autorizados si el plugin es dejado en modo de depuraci\\u00f3n y el puerto est\\u00e1 accesible.\"}]",
"id": "CVE-2019-6644",
"lastModified": "2024-11-21T04:46:52.253",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L\", \"baseScore\": 9.4, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-09-04T17:15:11.520",
"references": "[{\"url\": \"https://support.f5.com/csp/article/K75532331\", \"source\": \"f5sirt@f5.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K75532331\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-6644\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2019-09-04T17:15:11.520\",\"lastModified\":\"2024-11-21T04:46:52.253\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.\"},{\"lang\":\"es\",\"value\":\"Similar al problema identificado en el CVE-2018-12120, en las versiones 14.1.0 hasta 14.1.0.5, 14.0.0 hasta 14.0.0.4, 13.0.0 hasta 13.1.2 y 12.1.0 hasta 12.1.4, BIG-IP enlazar\u00e1 un proceso nodejs de depuraci\u00f3n a todas las interfaces cuando se invoca. Esto puede exponer el proceso a usuarios no autorizados si el plugin es dejado en modo de depuraci\u00f3n y el puerto est\u00e1 accesible.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":5.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"DD178DE9-510D-4CCD-81C8-59CEB93DC4CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"B963FD8C-76B4-4B7B-B216-8BF72A3FA039\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E734E1C-A92F-4394-8F33-4429161BE47C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A724B2F3-E3FA-456F-9581-0213358B654C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"8F389C5E-72D8-4A75-875A-D088DCADCBE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"9800D8A8-9156-4612-B74B-E00FEC747E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1FDA72E-991D-4451-9C8E-E738F4D12728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4BFA5B4-AFC0-4E4C-A4E7-ED7BFDC3411F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"97E22AC0-75DC-466D-B066-AD5DAB41DD68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"C118E89F-CC6C-4426-8E9F-715551E04A30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"292EC144-CBA2-4275-9F70-4ED65A505B39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22FF4312-2711-4526-B604-796E637139E9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"28593776-BE84-432C-AB66-4CF105FCB6CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"3066A110-328A-40D6-AECC-A9CA07D7039E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"622C877B-760A-4C50-9FDF-998C010B864E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3F5F2BF-708F-40F6-9BD0-4779DE9A1785\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"97B76447-55EC-43ED-88C5-FD3A0C3D60CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"7094F0F8-3CCD-4D32-B07E-F05EF6A127DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44E8F4B6-ACF1-4F2C-A2A4-DF7382CCE628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25DAD24A-2D43-498E-BC43-183B669EA1FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"51FCCD73-3448-4FE5-A9CB-9EA03CF56A23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"8823CE34-0D6D-48E8-A1D4-B09A3F9447E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80509490-50DA-42F8-8A4A-A6F6B95649BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"907FEE11-DF3B-4BE7-9BAE-5F6BE20E469D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"41C1B762-CC39-4027-85AA-7491F28F3286\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"487B7EC1-3864-41AF-963A-9A156E404972\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB76D898-4C7C-40E9-8539-E2A1BC7A5A66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D185434C-67FE-4CD6-A139-BA2FCC9F8878\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"3DC8CD9E-8404-4429-A343-30CD2FC10F3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"C940F821-CEF1-4EFA-9FBF-3DB58FDB4C73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86D68F26-EF89-4016-BD3A-637951752AAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1013320D-D0EE-461E-AF90-049F82AC910E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"262803BC-D86A-4883-869A-D5B721ABA997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"203ED650-D4D0-414C-AAC7-AD61F78CF8A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADAD6E9A-F8B5-4B2D-B687-AEAB518B8F19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BF46DCE-2603-4E61-87B8-352FF4111567\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"85942235-FE85-4AE7-A549-BDF033C16C21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"D833D6A0-7B62-4EC2-8FEC-79F1617D8341\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23E592A7-B530-4932-A81D-D1B9ABD64047\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71666E6B-8615-4D7B-9A7B-2F6D048FE086\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"B75E8C12-7F03-4C2F-8523-B9206E00DB35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"477AD9C8-D7F5-48E7-8593-1BB57165D8BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CF10213-FBE4-47A5-8EF2-B45BF15BEB6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BDE4D90-5AE4-4183-997E-188FF17D497E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"EA8B630C-D97F-4EFA-889A-9156C16139CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"536DE931-48EB-4CC8-BAD5-911B7BB3E926\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5A85C15-B821-4992-9B06-45767E7467D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE8EBE1A-2E66-4E40-8A11-8B6D21914E5F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.3\",\"versionEndIncluding\":\"12.1.4\",\"matchCriteriaId\":\"7C25287F-27A7-4DE3-9ECC-BF4EFD9C7501\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.2\",\"matchCriteriaId\":\"1F2DDCEE-2840-43D0-896E-6456A7AE3897\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7BBEC67-BD2E-49D5-8294-977D975D98D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C529A4BA-F1B7-4297-A9CC-2FF0EB2CB5AC\"}]}]}],\"references\":[{\"url\":\"https://support.f5.com/csp/article/K75532331\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K75532331\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.