QID 375681

F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
F5 BIG-IP (LTM) Local Traffic Manager is the most popular module offered on F5 Networks BIG-IP platform. The real power of the LTM is it is a Full Proxy, allowing you to augment client and server side connections. All while making informed load balancing decisions on availability, performance, and persistence.

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)

Vulnerable Component: BIG-IP ASM, LTM

Affected Versions:
16.0.0 - 16.0.1.1
15.1.0 - 15.1.3
14.1.0 - 14.1.4.1
13.1.0 - 13.1.3
12.1.0 - 12.1.6
11.6.1 - 11.6.5

QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

An attacker could cause a Denial Of Service (DoS) or arbitrary code execution if you use cURL to transfer data to or from a Trivial File Transport Protocol (TFTP) server and set the blksize (block size) option to a value below 504 (the default value is 512). Setting a smaller block size than the default should be rare as the primary use case for changing the block size is to make it larger.