CVE-2019-6619

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
f5CNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
f5big-ip_access_policy_manager
12.1.0 ≤
𝑥
< 12.1.4.1
f5big-ip_access_policy_manager
13.0.0 ≤
𝑥
< 13.1.1.5
f5big-ip_access_policy_manager
14.0.0 ≤
𝑥
< 14.1.0.2
f5big-ip_advanced_firewall_manager
12.1.0 ≤
𝑥
< 12.1.4.1
f5big-ip_advanced_firewall_manager
13.0.0 ≤
𝑥
< 13.1.1.5
f5big-ip_advanced_firewall_manager
14.0.0 ≤
𝑥
< 14.1.0.2
f5big-ip_application_acceleration_manager
12.1.0 ≤
𝑥
< 12.1.4.1
f5big-ip_application_acceleration_manager
13.0.0 ≤
𝑥
< 13.1.1.5
f5big-ip_application_acceleration_manager
14.0.0 ≤
𝑥
< 14.1.0.2
f5big-ip_link_controller
12.1.0 ≤
𝑥
< 12.1.4.1
f5big-ip_link_controller
13.0.0 ≤
𝑥
< 13.1.1.5
f5big-ip_link_controller
14.0.0 ≤
𝑥
< 14.1.0.2
f5big-ip_policy_enforcement_manager
12.1.0 ≤
𝑥
< 12.1.4.1
f5big-ip_policy_enforcement_manager
13.0.0 ≤
𝑥
< 13.1.1.5
f5big-ip_policy_enforcement_manager
14.0.0 ≤
𝑥
< 14.1.0.2
f5big-ip_webaccelerator
12.1.0 ≤
𝑥
< 12.1.4.1
f5big-ip_webaccelerator
13.0.0 ≤
𝑥
< 13.1.1.5
f5big-ip_webaccelerator
14.0.0 ≤
𝑥
< 14.1.0.2
f5big-ip_application_security_manager
12.1.0 ≤
𝑥
< 12.1.4.1
f5big-ip_application_security_manager
13.0.0 ≤
𝑥
< 13.1.1.5
f5big-ip_application_security_manager
14.0.0 ≤
𝑥
< 14.1.0.2
f5big-ip_local_traffic_manager
12.1.0 ≤
𝑥
< 12.1.4.1
f5big-ip_local_traffic_manager
13.0.0 ≤
𝑥
< 13.1.1.5
f5big-ip_local_traffic_manager
14.0.0 ≤
𝑥
< 14.1.0.2
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/108190
https://support.f5.com/csp/article/K94563344
http://www.securityfocus.com/bid/108190
https://support.f5.com/csp/article/K94563344