VYPR
Unrated severityNVD Advisory· Published Jul 3, 2019· Updated Aug 4, 2024

CVE-2019-6632

CVE-2019-6632

Description

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.

Affected products

2
  • F5, Inc./Big IPllm-fuzzy2 versions
    >=12.1.0, <=12.1.4 || >=13.0.0, <=13.1.1.4 || >=14.0.0, <=14.0.0.4 || >=14.1.0, <=14.1.0.5+ 1 more
    • (no CPE)range: >=12.1.0, <=12.1.4 || >=13.0.0, <=13.1.1.4 || >=14.0.0, <=14.0.0.4 || >=14.1.0, <=14.1.0.5
    • (no CPE)range: BIG-IP 14.1.0-14.1.0.5

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.