Information disclosure in USB kernel driver in F5 Networks BIG-IP products
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-15505 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
BIG-IP Hardware solutions / Firmware |
| Vendor | F5 Networks |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU21630
Risk: Low
CVSSv3.1: 1.9 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-15505
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the drivers/media/usb/dvb-usb/technisat-usb2.c USB driver in Linux kernel. A local user can use a specially crafted USB device to trigger out-of-bounds read error during data transfer and read contents of memory on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
BIG-IP: 13.0.0 - 15.0.1
CPE2.3- cpe:2.3:h:f5_networks:big-ip:13.1.3:*:*:*:*:*:*:
- cpe:2.3:h:f5_networks:big-ip:14.0.1:*:*:*:*:*:*:
- cpe:2.3:h:f5_networks:big-ip:14.1.2:*:*:*:*:*:*:
- cpe:2.3:h:f5_networks:big-ip:15.0.1:*:*:*:*:*:*:
- cpe:2.3:h:f5_networks:big-ip:13.0.1:*:*:*:*:*:*:
http://support.f5.com/csp/article/K28222050
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
