CVE-2021-XXXX: Unauthorized Access to Debug Node.js Process in BIG-IP

CVE-2021-XXXX: Unauthorized Access to Debug Node.js Process in BIG-IP

CVE-2019-6644 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.

Learn more about our Cis Benchmark Audit For Bind.