CVE-2019-6675

Name of the Vulnerable Software and Affected Versions BIG-IP versions Hotfix-BIGIP-14.1.0.3.0.79.6-ENG.iso through Hotfix-BIGIP-14.1.0.3.0.99.6-ENG.iso BIG-IP versions Hotfix-BIGIP-14.1.0.5.0.15.5-ENG.iso through Hotfix-BIGIP-14.1.0.5.0.40.5-ENG.iso BIG-IP versions Hotfix-BIGIP-14.1.0.6.0.11.9-ENG.iso through Hotfix-BIGIP-14.1.0.6.0.70.9-ENG.iso BIG-IP versions Hotfix-BIGIP-14.1.2.0.11.37-ENG.iso through Hotfix-BIGIP-14.1.2.0.32.37-ENG.iso BIG-IP versions Hotfix-BIGIP-14.1.2.1.0.14.4-ENG.iso through Hotfix-BIGIP-14.1.2.1.0.122.4-ENG.iso BIG-IP versions Hotfix-BIGIP-15.0.1.0.33.11-ENG.iso through Hotfix-BIGIP-15.0.1.0.48.11-ENG.iso

Description The vulnerability allows an authentication bypass, which can result in a complete compromise of the system. This issue impacts BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers.

Recommendations For each of the affected Hotfix builds, apply the corresponding patch or update to resolve the issue. As a temporary workaround, consider restricting access to the authentication configuration to minimize the risk of exploitation. Avoid using the vulnerable authentication configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.