CVE-2019-6603

HIGH

BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.0.1 - Denial of Service via Malformed TCP Packets

Title source: llm
STIX 2.1

Description

In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K14632915
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107625

Scores

CVSS v3 7.5
EPSS 0.0089
EPSS Percentile 75.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (13)
f5/big-ip_access_policy_manager 11.5.1 - 11.5.8
f5/big-ip_advanced_firewall_manager 11.5.1 - 11.5.8
f5/big-ip_analytics 11.5.1 - 11.5.8
f5/big-ip_application_acceleration_manager 11.5.1 - 11.5.8
f5/big-ip_application_security_manager 11.5.1 - 11.5.8
f5/big-ip_edge_gateway 11.5.1 - 11.5.8
f5/big-ip_fraud_protection_service 11.5.1 - 11.5.8
f5/big-ip_global_traffic_manager 11.5.1 - 11.5.8
f5/big-ip_link_controller 11.5.1 - 11.5.8
f5/big-ip_local_traffic_manager 11.5.1 - 11.5.8
... and 3 more
Published Mar 28, 2019
Tracked Since Feb 18, 2026