Rewterz Threat Advisory – CVE-2019-6465 – F5 Multiple Products Bind Security Bypass Vulnerability

Severity

Low

Analysis Summary
A vulnerability has been reported in multiple F5 products, which can be exploited by malicious people to bypass certain security restrictions.

An attacker can exploit this vulnerability to request and receive a zone transfer of a DLZ that bypasses the allow-transfer access control list.

Impact

Security Bypass

Affected Products

• F5 BIG-IP Local Traffic Manager (LTM) 11.x
• F5 BIG-IP Application Security Manager (ASM) 11.x
• F5 BIG-IP Local Traffic Manager (LTM) 12.x
• F5 BIG-IP Application Security Manager (ASM) 12.x
• F5 BIG-IP Local Traffic Manager (LTM) 13.x
• F5 BIG-IP Application Security Manager (ASM) 13.x
• F5 BIG-IQ Centralized Management 5.x
• F5 BIG-IP Local Traffic Manager (LTM) 14.x
• F5 TMOS 11.x
• F5 BIG-IP Global Traffic Manager (GTM) 11.x
• F5 BIG-IP Access Policy Manager (APM) 11.x
• F5 BIG-IP Application Acceleration Manager (AAM) 11.x
• F5 BIG-IP Advanced Firewall Manager (AFM) 11.x
• F5 BIG-IP Analytics (AVR) 11.x
• F5 BIG-IP Link Controller 11.x
• F5 BIG-IP Policy Enforcement Manager (PEM) 11.x
• F5 BIG-IP Access Policy Manager (APM) 12.x
• F5 BIG-IP Access Policy Manager (APM) 13.x
• F5 BIG-IP Advanced Firewall Manager (AFM) 12.x
• F5 BIG-IP Advanced Firewall Manager (AFM) 13.x
• F5 TMOS 12.x
• F5 BIG-IP DNS (formerly Global Traffic Manager (GTM)) 12.x

Remediation

No official solution is currently available. We will update as soon as a patch is available.