CVE-2019-6645 : What You Need to Know

A vulnerability in F5 BIG-IP versions 11.5.2-14.1.0.5 could lead to a denial of service (DoS) attack if specific configurations are present.

Understanding CVE-2019-6645

This CVE involves a potential crash in the Traffic Management Microkernel (TMM) of F5 BIG-IP devices under certain conditions.

What is CVE-2019-6645?

The vulnerability occurs when a Virtual Server has an active FTP profile and connection mirroring set up, potentially causing a TMM crash and triggering a High Availability (HA) action.

The Impact of CVE-2019-6645

The vulnerability could result in a denial of service (DoS) attack due to the TMM crash, affecting the availability of the affected BIG-IP devices.

Technical Details of CVE-2019-6645

This section provides more in-depth technical insights into the CVE.

Vulnerability Description

If a BIG-IP device is running versions 11.5.2-14.1.0.5 and has specific configurations, FTP traffic passing through a Virtual Server can lead to a TMM crash.

Affected Systems and Versions

Affected Versions: 11.5.2-14.1.0.5
Products: BIG-IP

Exploitation Mechanism

The vulnerability is triggered when a Virtual Server has both an active FTP profile and connection mirroring configured, allowing malicious FTP traffic to cause a TMM crash.

Mitigation and Prevention

Protecting systems from CVE-2019-6645 requires immediate actions and long-term security measures.

Immediate Steps to Take

Disable FTP profiles on Virtual Servers with connection mirroring enabled.
Monitor network traffic for any suspicious FTP activities.

Long-Term Security Practices

Regularly update and patch F5 BIG-IP devices to the latest firmware.
Implement network segmentation to isolate critical systems from potential attacks.

Patching and Updates

Apply vendor-supplied patches and updates promptly to mitigate the vulnerability and enhance system security.