CVE-2019-6600 Information

Description

In BIG-IP 14.0.0-14.0.0.2 13.0.0-13.1.1.3 12.1.0-12.1.3.7 11.6.1-11.6.3.2 or 11.5.1-11.5.8 when remote authentication is enabled for administrative users and all external users are granted the \guest\ role unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/107470 https://support.f5.com/csp/article/K23734425

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1