CVE-2019-6649 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2019-6649

Analyzed

More Info Official Page

Source-f5sirt@f5.com

Published At-20 Sep, 2019 | 20:15

Updated At-24 Aug, 2020 | 17:37

F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary	2.0	5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N

CPE Matches

>>big-ip_application_security_manager>>Versions from 11.5.2(inclusive) to 11.5.9(inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 11.6.1(inclusive) to 11.6.4(inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 12.1.0(inclusive) to 12.1.4(inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 13.1.0(inclusive) to 13.1.1(inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>14.0.0

cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>14.1.0

cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>15.0.0

cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*

>>big-ip_local_traffic_manager>>Versions from 11.5.2(inclusive) to 11.5.9(inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*

>>big-ip_local_traffic_manager>>Versions from 11.6.1(inclusive) to 11.6.4(inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*

>>big-ip_local_traffic_manager>>Versions from 12.1.0(inclusive) to 12.1.4(inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*

>>big-ip_local_traffic_manager>>Versions from 13.1.0(inclusive) to 13.1.1(inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*

>>big-ip_local_traffic_manager>>14.0.0

cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0:*:*:*:*:*:*:*

>>big-ip_local_traffic_manager>>14.1.0

cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0:*:*:*:*:*:*:*

>>big-ip_local_traffic_manager>>15.0.0

cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 11.5.2(inclusive) to 11.5.9(inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 11.6.1(inclusive) to 11.6.4(inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 12.1.0(inclusive) to 12.1.4(inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 13.1.0(inclusive) to 13.1.1(inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>14.0.0

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>14.1.0

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>15.0.0

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 11.5.2(inclusive) to 11.5.9(inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 11.6.1(inclusive) to 11.6.4(inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 12.1.0(inclusive) to 12.1.4(inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 13.1.0(inclusive) to 13.1.1(inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>14.0.0

cpe:2.3:a:f5:big-ip_analytics:14.0.0:*:*:*:*:*:*:*

>>big-ip_analytics>>14.1.0

cpe:2.3:a:f5:big-ip_analytics:14.1.0:*:*:*:*:*:*:*

>>big-ip_analytics>>15.0.0

cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 11.5.2(inclusive) to 11.5.9(inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 11.6.1(inclusive) to 11.6.4(inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 12.1.0(inclusive) to 12.1.4(inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 13.1.0(inclusive) to 13.1.1(inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>14.0.0

cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>14.1.0

cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>15.0.0

cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 11.5.2(inclusive) to 11.5.9(inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 11.6.1(inclusive) to 11.6.4(inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 12.1.0(inclusive) to 12.1.4(inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 13.1.0(inclusive) to 13.1.1(inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>14.0.0

cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>14.1.0

cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>15.0.0

cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 11.5.2(inclusive) to 11.5.9(inclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 11.6.1(inclusive) to 11.6.4(inclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 12.1.0(inclusive) to 12.1.4(inclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 13.1.0(inclusive) to 13.1.1(inclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>14.0.0

cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>14.1.0

cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>15.0.0

cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*

>>big-ip_fraud_protection_service>>Versions from 11.5.2(inclusive) to 11.5.9(inclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://support.f5.com/csp/article/K05123525	f5sirt@f5.com	Vendor Advisory