Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
f5 big-ip local traffic manager |
||
f5 big-ip local traffic manager 14.1.0 |
||
f5 big-ip local traffic manager 14.0.0 |
||
f5 big-ip advanced firewall manager 14.1.0 |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip advanced firewall manager 14.0.0 |
||
f5 big-ip application acceleration manager |
||
f5 big-ip application acceleration manager 14.0.0 |
||
f5 big-ip application acceleration manager 14.1.0 |
||
f5 big-ip analytics 14.0.0 |
||
f5 big-ip analytics |
||
f5 big-ip analytics 14.1.0 |
||
f5 big-ip access policy manager |
||
f5 big-ip access policy manager 14.0.0 |
||
f5 big-ip access policy manager 14.1.0 |
||
f5 big-ip application security manager |
||
f5 big-ip application security manager 14.1.0 |
||
f5 big-ip application security manager 14.0.0 |
||
f5 big-ip edge gateway 14.1.0 |
||
f5 big-ip edge gateway |
||
f5 big-ip edge gateway 14.0.0 |
||
f5 big-ip fraud protection service |
||
f5 big-ip fraud protection service 14.0.0 |
||
f5 big-ip fraud protection service 14.1.0 |
||
f5 big-ip global traffic manager 14.0.0 |
||
f5 big-ip global traffic manager |
||
f5 big-ip global traffic manager 14.1.0 |
||
f5 big-ip link controller |
||
f5 big-ip link controller 14.0.0 |
||
f5 big-ip link controller 14.1.0 |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip policy enforcement manager 14.1.0 |
||
f5 big-ip policy enforcement manager 14.0.0 |
||
f5 big-ip webaccelerator 14.1.0 |
||
f5 big-ip webaccelerator |
||
f5 big-ip webaccelerator 14.0.0 |
||
f5 big-ip domain name system |
||
f5 big-ip domain name system 14.0.0 |
||
f5 big-ip domain name system 14.1.0 |