Rapid7 Vulnerability & Exploit Database

F5 Networks: K45644893 (CVE-2019-6654): Martian address filtering vulnerability CVE-2019-6654

Back to Search

F5 Networks: K45644893 (CVE-2019-6654): Martian address filtering vulnerability CVE-2019-6654

Severity
3
CVSS
(AV:A/AC:L/Au:N/C:N/I:P/A:N)
Published
09/24/2019
Created
09/27/2019
Added
09/25/2019
Modified
03/03/2020

Description

On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses.

Solution(s)

  • f5-big-ip-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;