#VU22978 Reliance on Reverse DNS Resolution for a Security-Critical Action in F5 Networks products - CVE-2019-6663


Vulnerability identifier: #VU22978

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-6663

CWE-ID: CWE-350

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Enterprise Manager
Client/Desktop applications / Other client software
BIG-IQ Centralized Management
Server applications / Remote management servers, RDP, SSH
F5 iWorkflow
Server applications / Remote management servers, RDP, SSH
BIG-IP AAM
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP Edge Gateway
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP WebAccelerator
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP AFM
Hardware solutions / Security hardware applicances
BIG-IP Analytics
Hardware solutions / Security hardware applicances
BIG-IP APM
Hardware solutions / Security hardware applicances
BIG-IP ASM
Hardware solutions / Security hardware applicances
BIG-IP FPS
Hardware solutions / Security hardware applicances
BIG-IP GTM
Hardware solutions / Security hardware applicances
BIG-IP PEM
Hardware solutions / Security hardware applicances
BIG-IP
Hardware solutions / Firmware

Vendor: F5 Networks

Description

The vulnerability allows a local user to perform an Anti DNS Pinning (DNS Rebinding) attack.

The vulnerability exists due to the Configuration utility does not sufficiently verify the Host field in the HTTP request. A local user initiating a DNS rebinding attack requires control of the DNS that is configured in a client that accesses the Configuration utility of the vulnerable system.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Enterprise Manager: 3.1.1

BIG-IQ Centralized Management: 5.2.0 - 7.0.0

F5 iWorkflow: 2.3.0

BIG-IP AAM: 11.5.2 - 15.0.1

BIG-IP AFM: 11.5.2 - 15.0.1

BIG-IP Analytics: 11.5.2 - 15.0.1

BIG-IP APM: 11.5.2 - 15.0.1

BIG-IP ASM: 11.5.2 - 15.0.1

BIG-IP DNS: 11.5.2 - 15.0.1

BIG-IP Edge Gateway: 11.5.2 - 15.0.1

BIG-IP FPS: 11.5.2 - 15.0.1

BIG-IP GTM: 11.5.2 - 15.0.1

BIG-IP Link Controller: 11.5.2 - 15.0.1

BIG-IP PEM: 11.5.2 - 15.0.1

BIG-IP WebAccelerator: 11.5.2 - 15.0.1

BIG-IP: 11.5.2 - 11.5.9, 11.6.0 - 11.6.5, 12.1.0 - 12.1.5, 13.0.0 - 13.0.1, 13.1.0 - 13.1.3, 14.0.0 - 14.0.1, 14.1.0 - 14.1.2, 15.0.0 - 15.0.1

External links
https://support.f5.com/csp/article/K76052144

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


DNS Rebinding in several F5 Networks products