CVE-2019-6632
N/A
N/A
Summary
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| F5 | BIG-IP | BIG-IP 14.1.0-14.1.0.5 | affected |
| F5 | BIG-IP | 14.0.0-14.0.0.4 | affected |
| F5 | BIG-IP | 13.0.0-13.1.1.4 | affected |
| F5 | BIG-IP | 12.1.0-12.1.4 | affected |
Weaknesses
- Information disclosure
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.