Detections
Analytics
F5 Networks BIG-IP : ImageMagick vulnerability (K20336394)
high Nessus Plugin ID 135014
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
ImageMagick before 7.0.8-50 has a 'use of uninitialized value' vulnerability in the function ReadCUTImage in coders/cut.c.(CVE-2019-13135)
Impact
BIG-IP (AAM,Edge Gateway, and WebAccelerator)
This issue affects BIG-IP systems only when WAM or AAM is provisioned.
If exploited, this vulnerabilitymay result in an information leak.
BIG-IP (LTM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM),BIG-IQ Centralized Management,Enterprise Manager, F5 iWorkflow, and Traffix SDC
There is no impact; these F5 products are not affected by this vulnerability.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K20336394.See Also
Plugin Details
Severity: High
ID: 135014
File Name: f5_bigip_SOL20336394.nasl
Version: 1.8
Type: local
Published: 3/31/2020
Updated: 11/2/2023
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2019-13135
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_webaccelerator, cpe:/h:f5:big-ip
Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version
Exploit Ease: No known exploits are available
Patch Publication Date: 10/8/2019
Vulnerability Publication Date: 7/1/2019
Reference Information
CVE: CVE-2019-13135