CVE-2019-6598

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 14.0.0 through 14.0.0.2 F5 BIG-IP versions 13.0.0 through 13.1.0.7 F5 BIG-IP versions 12.1.0 through 12.1.3.5 F5 BIG-IP versions 11.6.1 through 11.6.3.2 F5 BIG-IP versions 11.5.1 through 11.5.8 F5 Enterprise Manager version 3.1.1

Description The issue arises from malformed requests to the Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. This can lead to disruption of TMUI services. The attack requires an authenticated user with any role, except the No Access role, as this role cannot login and lacks the necessary access level to perform the attack.

Recommendations For F5 BIG-IP versions 14.0.0 through 14.0.0.2, update to a version outside of this range to resolve the issue. For F5 BIG-IP versions 13.0.0 through 13.1.0.7, update to a version outside of this range to resolve the issue. For F5 BIG-IP versions 12.1.0 through 12.1.3.5, update to a version outside of this range to resolve the issue. For F5 BIG-IP versions 11.6.1 through 11.6.3.2, update to a version outside of this range to resolve the issue. For F5 BIG-IP versions 11.5.1 through 11.5.8, update to a version outside of this range to resolve the issue. For F5 Enterprise Manager version 3.1.1, update to a version outside of this range to resolve the issue.