From c070153a0d748c6adaa3611ae734e0497c3c114f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 13 Mar 2019 17:30:04 -0400
Subject: [PATCH] Adding 6 CVEs for f5.
---
 2019/6xxx/CVE-2019-6596.json | 49 ++++++++++++++++++++++++++++++---
 2019/6xxx/CVE-2019-6597.json | 52 +++++++++++++++++++++++++++++++++---
 2019/6xxx/CVE-2019-6598.json | 52 +++++++++++++++++++++++++++++++++---
 2019/6xxx/CVE-2019-6599.json | 52 +++++++++++++++++++++++++++++++++---
 2019/6xxx/CVE-2019-6600.json | 49 ++++++++++++++++++++++++++++++---
 2019/6xxx/CVE-2019-6601.json | 49 ++++++++++++++++++++++++++++++---
 6 files changed, 285 insertions(+), 18 deletions(-)
diff --git a/2019/6xxx/CVE-2019-6596.json b/2019/6xxx/CVE-2019-6596.json
index e8070cf42ba..8fdba00844f 100644
--- a/2019/6xxx/CVE-2019-6596.json
+++ b/2019/6xxx/CVE-2019-6596.json
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "f5sirt@f5.com",
+ "DATE_PUBLIC" : "2019-03-11T00:00:00",
 "ID" : "CVE-2019-6596",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "BIG-IP (APM)",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, 11.5.1-11.5.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "F5 Networks, Inc."
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
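Review bot: The added `version_value` in CVE-2019-6596.json packs five affected ranges into one comma-separated string, so a consumer matching on the structured `affects` data cannot tell which branches are affected without parsing free text. Each branch should be its own `version_data` entry, for example `{ "version_value" : "14.0.0-14.0.0.2" }` followed by one entry per remaining range. The first hunks of CVE-2019-6597 through CVE-2019-6601 use the same single-string form.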
@@ -11,7 +35,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash. Only systems offering DTLS connections via APM are impacted."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://support.f5.com/csp/article/K97241515"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6597.json b/2019/6xxx/CVE-2019-6597.json
index 1ccd39b9917..29fe78e4693 100644
--- a/2019/6xxx/CVE-2019-6597.json
+++ b/2019/6xxx/CVE-2019-6597.json
@@ -1,8 +1,35 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "f5sirt@f5.com",
+ "DATE_PUBLIC" : "2019-03-11T00:00:00",
 "ID" : "CVE-2019-6597",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator); Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8"
+ },
+ {
+ "version_value" : "EM 3.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "F5 Networks, Inc."
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
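Review bot: The added `problemtype` value `"DoS"` in the second hunk of CVE-2019-6596.json names only the outcome, while the new description says TMM "may corrupt memory" before the crash. Anyone triaging by `problemtype` alone would not see that this is a memory-corruption flaw in DTLS ClientHello handling. If the vendor advisory supports it, the value could name the weakness as well, e.g. `"value" : "Memory corruption leading to DoS"`. The free-text problem types in the second hunks of the other five files would similarly benefit from a CWE identifier.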
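Review bot: Enterprise Manager is folded into the BIG-IP `product_name` string in the first hunk of CVE-2019-6597.json and its version is written as `"version_value" : "EM 3.1.1"`, so the product identity lives inside a version field. Tools that match inventory against `product_name` and `version_value` will not find Enterprise Manager 3.1.1 as an affected product. It should be a separate `product_data` entry as below, with `; Enterprise Manager` dropped from the BIG-IP name. The first hunks of CVE-2019-6598.json and CVE-2019-6599.json have the same shape.

```json
{
   "product_name" : "Enterprise Manager",
   "version" : {
      "version_data" : [
         {
            "version_value" : "3.1.1"
         }
      ]
   }
}
```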
@@ -11,7 +38,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://support.f5.com/csp/article/K29280193"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6598.json b/2019/6xxx/CVE-2019-6598.json
index 7f9d789731d..ad928364dd4 100644
--- a/2019/6xxx/CVE-2019-6598.json
+++ b/2019/6xxx/CVE-2019-6598.json
@@ -1,8 +1,35 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "f5sirt@f5.com",
+ "DATE_PUBLIC" : "2019-03-11T00:00:00",
 "ID" : "CVE-2019-6598",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe); Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, 11.5.1-11.5.8"
+ },
+ {
+ "version_value" : "EM 3.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "F5 Networks, Inc."
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
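Review bot: The new description in the second hunk of CVE-2019-6597.json says command restrictions "may not be enforced" but never states what an authenticated administrative user gains, so the `privilege escalation` problem type is left unexplained. A reader cannot judge from the record which role boundary is crossed or how urgent the fix is. The description should end with a sentence of the form `This allows <role> to <resulting access>.`, with both placeholders filled from the vendor advisory K29280193. The second hunk of CVE-2019-6601.json has the same gap: it names the failure to drop group permissions but not the resulting impact or who can trigger it.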
@@ -11,7 +38,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://support.f5.com/csp/article/K44603900"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6599.json b/2019/6xxx/CVE-2019-6599.json
index b2d40920e5b..dd10b8929ce 100644
--- a/2019/6xxx/CVE-2019-6599.json
+++ b/2019/6xxx/CVE-2019-6599.json
@@ -1,8 +1,35 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "f5sirt@f5.com",
+ "DATE_PUBLIC" : "2019-03-11T00:00:00",
 "ID" : "CVE-2019-6599",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "BIG-IP APM; Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "11.6.1-11.6.3.2, 11.5.1-11.5.8"
+ },
+ {
+ "version_value" : "EM 3.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "F5 Networks, Inc."
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +38,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values in an undisclosed page of the configuration utility may result with an improper handling on the JSON response when it is injected by a malicious script via a remote cross-site scripting (XSS) attack."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://support.f5.com/csp/article/K46401178"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6600.json b/2019/6xxx/CVE-2019-6600.json
index 5d40f6dadcc..565951bf8c2 100644
--- a/2019/6xxx/CVE-2019-6600.json
+++ b/2019/6xxx/CVE-2019-6600.json
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "f5sirt@f5.com",
+ "DATE_PUBLIC" : "2019-03-11T00:00:00",
 "ID" : "CVE-2019-6600",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "F5 Networks, Inc."
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
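Review bot: The description added in the second hunk of CVE-2019-6599.json is hard to act on: "may result with an improper handling on the JSON response when it is injected by a malicious script" does not say whether the script is stored or reflected, or whose session it runs in. It also names BIG-IP without qualification, while the first hunk's `product_name` is `BIG-IP APM; Enterprise Manager`, so the affected scope differs between the prose and the structured data. Suggest rewording the tail along the lines of `improper escaping of values in an undisclosed page of the configuration utility allows cross-site scripting (XSS) through a JSON response`. The product scope should then be aligned with the vendor advisory in both places.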
@@ -11,7 +35,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the \"guest\" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://support.f5.com/csp/article/K23734425"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6601.json b/2019/6xxx/CVE-2019-6601.json
index cbd89a563ad..a8554e393b9 100644
--- a/2019/6xxx/CVE-2019-6601.json
+++ b/2019/6xxx/CVE-2019-6601.json
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "f5sirt@f5.com",
+ "DATE_PUBLIC" : "2019-03-11T00:00:00",
 "ID" : "CVE-2019-6601",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "BIG-IP (AAM)",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "F5 Networks, Inc."
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +35,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://support.f5.com/csp/article/K25359902"
 }
 ]
 }