vulnerability

F5 Networks: CVE-2019-6637: K29149494: iControl REST vulnerability CVE-2019-6637

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:N/A:P)	Jul 1, 2019	Jul 2, 2019	Dec 6, 2024

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:P)

Published

Jul 1, 2019

Added

Jul 2, 2019

Modified

Dec 6, 2024

Description

On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of "Guest" or greater privilege. Note: "No Access" cannot login so technically it's a role but a user with this access role cannot perform the attack.

Solution

f5-big-ip-upgrade-latest

References

CVE-2019-6637
https://attackerkb.com/topics/CVE-2019-6637
URL-https://my.f5.com/manage/s/article/K29149494

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today