CVE-2019-6644
CRITICAL
BIG-IP <14.1.5, 14.0.4, 13.2, 12.5 - Info Disclosure
Title source: llm
Description
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K75532331
Scores
CVSS v3: 9.4
EPSS: 0.0079
EPSS Percentile: 74.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Details
Status: published
Products (39)
f5/big-ip_access_policy_manager: 14.0.0
f5/big-ip_access_policy_manager: 14.1.0
f5/big-ip_access_policy_manager: 12.1.3 - 12.1.4
f5/big-ip_advanced_firewall_manager: 14.0.0
f5/big-ip_advanced_firewall_manager: 14.1.0
f5/big-ip_advanced_firewall_manager: 12.1.3 - 12.1.4
f5/big-ip_analytics: 14.0.0
f5/big-ip_analytics: 14.1.0
f5/big-ip_analytics: 12.1.3 - 12.1.4
f5/big-ip_application_acceleration_manager: 14.0.0
... and 29 more
Published: Sep 04, 2019
Tracked Since: Feb 18, 2026