Forum Discussion

Altostratus

Jan 02, 2020

MFC vulnerability CVE-2019-6681

Hi team, related with the Security advisory https://support.f5.com/csp/article/K93417064, where can we check if Multicast Forwarding Cache (MFC) is configured? We are seeing it's licensed, but as I ...

BIG-IP

security

Nathan_F__F5_

Employee

Jan 03, 2020

Hi fpieressa,

I was able to reach out to our security team and the product development team about this and I have an answer for you.

There were some question regarding CVE-2019-6681 / https://support.f5.com/csp/article/K93417064 / K93417064: MFC vulnerability CVE-2019-6681

The Routing Bundle and Multicast Routing License should be available in the BIGIP to be able to configure Multicast Routing Protocol such as PIM (Protocol Independent Multicasting) which relates to MFC (Multicast Forwarding Cache). So as long as you don't have a PIM configuration on the BIGIP, we can safely say that you are not vulnerable to CVE-2019-6681.

A Multicast Routing configuration example can be found in the following article. Please see the "verifying floating multicast configurations" section. If you run that first command and there is no PIM configuration displayed then you are not vulnerable to the CVE.

K36480041: Support for fast failover of PIM-SM multicast traffic in BIG-IP LTM HA systems

https://support.f5.com/csp/article/K36480041

Please give that a try and let me know if you have any questions.

-Nathan F

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)