Buffer overflow in F5 Big-ip_access_policy_manager
CVE-2014-6031
Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x…
Vulnerability class: Buffer Overflow
EPSS: 0.005 (64.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H.
Affected products
- F5 Big-ip_access_policy_manager — versions 10.1.0, 10.2.0, 10.2.1
- F5 Big-ip_advanced_firewall_manager — versions 11.3.0, 11.4.0, 11.4.1
- F5 Big-ip_analytics — versions 11.0.0, 11.1.0, 11.2.0
- F5 Big-ip_application_acceleration_manager — versions 11.4.0, 11.4.1, 11.5.0
- F5 Big-ip_application_security_manager — versions 10.0.0, 10.1.0, 10.2.0
- F5 Big-ip_edge_gateway — versions 10.1.0, 10.2.0, 10.2.1
- F5 Big-ip_enterprise_manager — versions 2.1.0, 2.2.0, 2.3.0
- F5 Big-ip_global_traffic_manager — versions 10.0.0, 10.1.0, 10.2.0
- F5 Big-ip_link_controller — versions 10.0.0, 10.1.0, 10.2.0
- F5 Big-ip_local_traffic_manager — versions 10.0.0, 10.0.1, 10.1.0
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2014-6031?
- CVE-2014-6031 is a medium-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 4.9/10. Published 2017-06-08.
- How severe is CVE-2014-6031?
- Medium severity. CVSS v3 base score is 4.9 out of 10.