Vulnerability Details CVE-2019-6641
On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. The attack can only come from an authenticated user; all roles are capable of performing the attack. Unauthenticated users cannot perform this attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 69.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://www.securityfocus.com/bid/109060
- https://support.f5.com/csp/article/K22384173
- https://support.f5.com/csp/article/K22384173?utm_source=f5support&%3Butm_medium=RSS
- http://www.securityfocus.com/bid/109060
- https://support.f5.com/csp/article/K22384173
- https://support.f5.com/csp/article/K22384173?utm_source=f5support&%3Butm_medium=RSS
Products affected by CVE-2019-6641
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3.1
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3.2
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3.3
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3.4
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3.5
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3.6
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3.7
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.4
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.3
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.3.1
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.3.2
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.3.3
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.3.4
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.3.5
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.3.6
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.3.7
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.4
-
cpe:2.3:a:f5:big-ip_analytics:12.1.2
-
cpe:2.3:a:f5:big-ip_analytics:12.1.3
-
cpe:2.3:a:f5:big-ip_analytics:12.1.3.1
-
cpe:2.3:a:f5:big-ip_analytics:12.1.3.2
-
cpe:2.3:a:f5:big-ip_analytics:12.1.3.3
-
cpe:2.3:a:f5:big-ip_analytics:12.1.3.4
-
cpe:2.3:a:f5:big-ip_analytics:12.1.3.5
-
cpe:2.3:a:f5:big-ip_analytics:12.1.3.6
-
cpe:2.3:a:f5:big-ip_analytics:12.1.3.7
-
cpe:2.3:a:f5:big-ip_analytics:12.1.4
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.3
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.3.1
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.3.2
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.3.3
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.3.4
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.3.5
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.3.6
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.3.7
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.4
-
cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2
-
cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3
-
cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.1
-
cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.2
-
cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.3
-
cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.4
-
cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.5
-
cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.6
-
cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3.7
-
cpe:2.3:a:f5:big-ip_application_security_manager:12.1.4
-
cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2
-
cpe:2.3:a:f5:big-ip_domain_name_system:12.1.3
-
cpe:2.3:a:f5:big-ip_domain_name_system:12.1.3.1
-
cpe:2.3:a:f5:big-ip_domain_name_system:12.1.3.2
-
cpe:2.3:a:f5:big-ip_domain_name_system:12.1.3.3
-
cpe:2.3:a:f5:big-ip_domain_name_system:12.1.3.4
-
cpe:2.3:a:f5:big-ip_domain_name_system:12.1.3.5
-
cpe:2.3:a:f5:big-ip_domain_name_system:12.1.3.6
-
cpe:2.3:a:f5:big-ip_domain_name_system:12.1.3.7
-
cpe:2.3:a:f5:big-ip_domain_name_system:12.1.4
-
cpe:2.3:a:f5:big-ip_edge_gateway:12.1.2
-
cpe:2.3:a:f5:big-ip_edge_gateway:12.1.3
-
cpe:2.3:a:f5:big-ip_edge_gateway:12.1.3.1
-
cpe:2.3:a:f5:big-ip_edge_gateway:12.1.3.2
-
cpe:2.3:a:f5:big-ip_edge_gateway:12.1.3.3
-
cpe:2.3:a:f5:big-ip_edge_gateway:12.1.3.4
-
cpe:2.3:a:f5:big-ip_edge_gateway:12.1.3.5
-
cpe:2.3:a:f5:big-ip_edge_gateway:12.1.3.6
-
cpe:2.3:a:f5:big-ip_edge_gateway:12.1.3.7
-
cpe:2.3:a:f5:big-ip_edge_gateway:12.1.4
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.2
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.3
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.3.1
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.3.2
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.3.3
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.3.4
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.3.5
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.3.6
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.3.7
-
cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.4
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.2
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.3
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.3.1
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.3.2
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.3.3
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.3.4
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.3.5
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.3.6
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.3.7
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.4
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.2
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.3
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.3.1
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.3.2
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.3.3
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.3.4
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.3.5
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.3.6
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.3.7
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.4
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.3
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.3.1
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.3.2
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.3.3
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.3.4
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.3.5
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.3.6
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.3.7
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.4
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.3
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.3.1
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.3.2
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.3.3
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.3.4
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.3.5
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.3.6
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.3.7
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.4
-
cpe:2.3:a:f5:big-ip_webaccelerator:12.1.2
-
cpe:2.3:a:f5:big-ip_webaccelerator:12.1.3
-
cpe:2.3:a:f5:big-ip_webaccelerator:12.1.3.1
-
cpe:2.3:a:f5:big-ip_webaccelerator:12.1.3.2
-
cpe:2.3:a:f5:big-ip_webaccelerator:12.1.3.3
-
cpe:2.3:a:f5:big-ip_webaccelerator:12.1.3.4
-
cpe:2.3:a:f5:big-ip_webaccelerator:12.1.3.5
-
cpe:2.3:a:f5:big-ip_webaccelerator:12.1.3.6
-
cpe:2.3:a:f5:big-ip_webaccelerator:12.1.3.7
-
cpe:2.3:a:f5:big-ip_webaccelerator:12.1.4