On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/109112 | Third Party Advisory VDB Entry |
https://support.f5.com/csp/article/K01413496 | Vendor Advisory |
http://www.securityfocus.com/bid/109112 | Third Party Advisory VDB Entry |
https://support.f5.com/csp/article/K01413496 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
Configuration 13 (hide)
|
History
21 Nov 2024, 04:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/109112 - Third Party Advisory, VDB Entry | |
References | () https://support.f5.com/csp/article/K01413496 - Vendor Advisory |
Information
Published : 2019-07-03 19:15
Updated : 2024-11-21 04:46
NVD link : CVE-2019-6632
Mitre link : CVE-2019-6632
CVE.ORG link : CVE-2019-6632
JSON object : View
Products Affected
f5
- big-ip_application_security_manager
- big-ip_application_acceleration_manager
- big-ip_global_traffic_manager
- big-ip_policy_enforcement_manager
- big-ip_edge_gateway
- big-ip_domain_name_system
- big-ip_link_controller
- big-ip_fraud_protection_service
- big-ip_local_traffic_manager
- big-ip_webaccelerator
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- big-ip_analytics
CWE
CWE-330
Use of Insufficiently Random Values