Vulnerability: Lack of Martian Address Filtering on BIG-IP Control Plane

Vulnerability: Lack of Martian Address Filtering on BIG-IP Control Plane

CVE-2019-6654 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses.

Learn more about our Web Application Penetration Testing UK.