CVE-2019-6684 : On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, an

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of fragmentation-based attack.

Published 2019-12-23 18:15:11

Updated 2020-08-24 17:37:01

Source F5 Networks

View at NVD, CVE.org

Products affected by CVE-2019-6684

F5 » Big-ip Local Traffic Manager
Versions from including (>=) 11.5.2 and up to, including, (<=) 11.6.5
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 14.0.0 and before (<) 14.1.2.3
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 13.0.0 and before (<) 13.1.3.2
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 15.0.0 and before (<) 15.1.0
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 14.0.0 and before (<) 14.1.2.3
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 15.0.0 and before (<) 15.1.0
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 13.0.0 and before (<) 13.1.3.2
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 11.5.2 and up to, including, (<=) 11.6.5
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 14.0.0 and before (<) 14.1.2.3
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 15.0.0 and before (<) 15.1.0
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 13.0.0 and before (<) 13.1.3.2
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 11.5.2 and up to, including, (<=) 11.6.5
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 11.5.2 and up to, including, (<=) 11.6.5
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 14.0.0 and before (<) 14.1.2.3
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 13.0.0 and before (<) 13.1.3.2
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 15.0.0 and before (<) 15.1.0
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 13.0.0 and before (<) 13.1.3.2
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 11.5.2 and up to, including, (<=) 11.6.5
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 14.0.0 and before (<) 14.1.2.3
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 15.0.0 and before (<) 15.1.0
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 14.0.0 and before (<) 14.1.2.3
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 13.0.0 and before (<) 13.1.3.2
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 11.5.2 and up to, including, (<=) 11.6.5
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 15.0.0 and before (<) 15.1.0
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 15.0.0 and before (<) 15.1.0
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 13.0.0 and before (<) 13.1.3.2
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 14.0.0 and before (<) 14.1.2.3
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 11.5.2 and up to, including, (<=) 11.6.5
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 15.0.0 and before (<) 15.1.0
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 13.0.0 and before (<) 13.1.3.2
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 14.0.0 and before (<) 14.1.2.3
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 11.5.2 and up to, including, (<=) 11.6.5
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 15.0.0 and before (<) 15.1.0
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 11.5.2 and up to, including, (<=) 11.6.5
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 14.0.0 and before (<) 14.1.2.3
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 13.0.0 and before (<) 13.1.3.2
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 11.5.2 and up to, including, (<=) 11.6.5
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 15.0.0 and before (<) 15.1.0
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 13.0.0 and before (<) 13.1.3.2
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 14.0.0 and before (<) 14.1.2.3
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 14.0.0 and before (<) 14.1.2.3
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 13.0.0 and before (<) 13.1.3.2
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 11.5.2 and up to, including, (<=) 11.6.5
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 15.0.0 and before (<) 15.1.0
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-6684

EPSS FAQ

0.89%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-6684

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2019-6684

https://support.f5.com/csp/article/K95117754

Article: K95117754 - TMM vulnerability CVE-2019-6684
Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-6684

Products affected by CVE-2019-6684

Exploit prediction scoring system (EPSS) score for CVE-2019-6684

CVSS scores for CVE-2019-6684

References for CVE-2019-6684