What is CVE-2019-6664?

CVE-2019-6664 is a vulnerability that affects the management port on BIG-IP devices running certain versions of software.

What software is affected by CVE-2019-6664?

The affected software includes F5 BIG-IP Access Policy Manager, Advanced Firewall Manager, Analytics, Application Acceleration Manager, Application Security Manager, Domain Name System, Edge Gateway, Fraud Protection Service, Global Traffic Manager, Link Controller, Local Traffic Manager, Policy Enforcement Manager, and Webaccelerator.

What is the severity of CVE-2019-6664?

CVE-2019-6664 has a severity rating of 7.5 (high).

How does CVE-2019-6664 impact network protections on the management port?

Under certain conditions, network protections on the management port may not follow current best practices.

How can I fix the vulnerability CVE-2019-6664?

To fix CVE-2019-6664, upgrade to a version of the affected software that is not vulnerable.

Vulnerability/
CVE-2019-6664

high

7.5

15/11/2019

24/8/2020

CVE-2019-6664

First published: Fri Nov 15 2019(Updated: )

On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices.

Credit: f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 BIG-IP Access Policy Manager	>=14.1.0<14.1.2
F5 BIG-IP Access Policy Manager	=15.0.0
F5 BIG-IP Advanced Firewall Manager	>=14.1.0<14.1.2
F5 BIG-IP Advanced Firewall Manager	=15.0.0
F5 BIG-IP Analytics	>=14.1.0<14.1.2
F5 BIG-IP Analytics	=15.0.0
F5 Big-ip Application Acceleration Manager	>=14.1.0<14.1.2
F5 Big-ip Application Acceleration Manager	=15.0.0
F5 BIG-IP Application Security Manager	>=14.1.0<14.1.2
F5 BIG-IP Application Security Manager	=15.0.0
F5 Big-ip Domain Name System	>=14.1.0<14.1.2
F5 Big-ip Domain Name System	=15.0.0
F5 Big-ip Edge Gateway	>=14.1.0<14.1.2
F5 Big-ip Edge Gateway	=15.0.0
F5 Big-ip Fraud Protection Service	>=14.1.0<14.1.2
F5 Big-ip Fraud Protection Service	=15.0.0
F5 Big-ip Global Traffic Manager	>=14.1.0<14.1.2
F5 Big-ip Global Traffic Manager	=15.0.0
F5 Big-ip Link Controller	>=14.1.0<14.1.2
F5 Big-ip Link Controller	=15.0.0
F5 Big-ip Local Traffic Manager	>=14.1.0<14.1.2
F5 Big-ip Local Traffic Manager	=15.0.0
F5 Big-ip Policy Enforcement Manager	>=14.1.0<14.1.2
F5 Big-ip Policy Enforcement Manager	=15.0.0
F5 Big-ip Webaccelerator	>=14.1.0<14.1.2
F5 Big-ip Webaccelerator	=15.0.0

Never miss a vulnerability like this again

Reference Links

https://support.f5.com/csp/article/K03126093

Frequently Asked Questions

What is CVE-2019-6664?
CVE-2019-6664 is a vulnerability that affects the management port on BIG-IP devices running certain versions of software.
What software is affected by CVE-2019-6664?
The affected software includes F5 BIG-IP Access Policy Manager, Advanced Firewall Manager, Analytics, Application Acceleration Manager, Application Security Manager, Domain Name System, Edge Gateway, Fraud Protection Service, Global Traffic Manager, Link Controller, Local Traffic Manager, Policy Enforcement Manager, and Webaccelerator.
What is the severity of CVE-2019-6664?
CVE-2019-6664 has a severity rating of 7.5 (high).
How does CVE-2019-6664 impact network protections on the management port?
Under certain conditions, network protections on the management port may not follow current best practices.
How can I fix the vulnerability CVE-2019-6664?
To fix CVE-2019-6664, upgrade to a version of the affected software that is not vulnerable.

collector/nvd-index
vendor/f5
canonical/f5 big-ip access policy manager
version/f5 big-ip access policy manager/14.1.0
version/f5 big-ip access policy manager/15.0.0
canonical/f5 big-ip advanced firewall manager
version/f5 big-ip advanced firewall manager/14.1.0
version/f5 big-ip advanced firewall manager/15.0.0
canonical/f5 big-ip analytics
version/f5 big-ip analytics/14.1.0
version/f5 big-ip analytics/15.0.0
canonical/f5 big-ip application acceleration manager
version/f5 big-ip application acceleration manager/14.1.0
version/f5 big-ip application acceleration manager/15.0.0
canonical/f5 big-ip application security manager
version/f5 big-ip application security manager/14.1.0
version/f5 big-ip application security manager/15.0.0
canonical/f5 big-ip domain name system
version/f5 big-ip domain name system/14.1.0
version/f5 big-ip domain name system/15.0.0
canonical/f5 big-ip edge gateway
version/f5 big-ip edge gateway/14.1.0
version/f5 big-ip edge gateway/15.0.0
canonical/f5 big-ip fraud protection service
version/f5 big-ip fraud protection service/14.1.0
version/f5 big-ip fraud protection service/15.0.0
canonical/f5 big-ip global traffic manager
version/f5 big-ip global traffic manager/14.1.0
version/f5 big-ip global traffic manager/15.0.0
canonical/f5 big-ip link controller
version/f5 big-ip link controller/14.1.0
version/f5 big-ip link controller/15.0.0
canonical/f5 big-ip local traffic manager
version/f5 big-ip local traffic manager/14.1.0
version/f5 big-ip local traffic manager/15.0.0
canonical/f5 big-ip policy enforcement manager
version/f5 big-ip policy enforcement manager/14.1.0
version/f5 big-ip policy enforcement manager/15.0.0
canonical/f5 big-ip webaccelerator
version/f5 big-ip webaccelerator/14.1.0
version/f5 big-ip webaccelerator/15.0.0