CVE-2019-6672 : Vulnerability Insights and Analysis

This CVE involves a vulnerability in F5's BIG-IP AFM versions 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1 that can lead to performance degradation when enabling bad-actor detection on wildcard virtual servers.

Understanding CVE-2019-6672

This CVE affects F5's BIG-IP AFM products, impacting performance when specific configurations are applied.

What is CVE-2019-6672?

CVE-2019-6672 is a vulnerability in BIG-IP AFM versions 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1. Enabling bad-actor detection on wildcard virtual servers with hardware-based sPVA can reduce system performance.

The Impact of CVE-2019-6672

The vulnerability can result in a decrease in the performance of the BIG-IP AFM system when specific configurations are applied.

Technical Details of CVE-2019-6672

This section provides detailed technical information about the CVE.

Vulnerability Description

Enabling bad-actor detection on wildcard virtual servers on platforms with hardware-based sPVA in BIG-IP AFM versions 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1 can lead to performance degradation.

Affected Systems and Versions

BIG-IP AFM versions 15.0.0-15.0.1
BIG-IP AFM versions 14.0.0-14.1.2
BIG-IP AFM versions 13.1.0-13.1.3.1

Exploitation Mechanism

The vulnerability is exploited by configuring bad-actor detection on wildcard virtual servers with hardware-based sPVA.

Mitigation and Prevention

Protect your systems from CVE-2019-6672 with the following steps:

Immediate Steps to Take

Disable bad-actor detection on wildcard virtual servers.
Monitor system performance closely.

Long-Term Security Practices

Regularly update and patch BIG-IP AFM to the latest version.
Implement network segmentation to limit the impact of potential attacks.

Patching and Updates

Apply the latest patches and updates provided by F5 to address the vulnerability.