CVE-2019-6632

Summary

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.

Affected Software

VendorProductVersion RangeStatus
F5BIG-IPBIG-IP 14.1.0-14.1.0.5affected
F5BIG-IP14.0.0-14.0.0.4affected
F5BIG-IP13.0.0-13.1.1.4affected
F5BIG-IP12.1.0-12.1.4affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

References