CVE-2019-6632: On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are…

medium5.5CVSS 3.0

AVLACLPRLUINSUCHINAN

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.

Affected

69 ranges· showing 25

Vendor	Product	Version range	Fixed in
f5	big-ip	—	—
f5	big-ip	—	—
f5	big-ip	—	—
f5	big-ip	—	—
f5	big-ip_aam	—	—
f5	big-ip_access_policy_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_access_policy_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_access_policy_manager	>= 14.0.0 < 14.0.0.5	14.0.0.5
f5	big-ip_access_policy_manager	>= 14.1.0 < 14.1.0.6	14.1.0.6
f5	big-ip_advanced_firewall_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_advanced_firewall_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_advanced_firewall_manager	>= 14.0.0 < 14.0.0.5	14.0.0.5
f5	big-ip_advanced_firewall_manager	>= 14.1.0 < 14.1.0.6	14.1.0.6
f5	big-ip_afm	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_analytics	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_analytics	>= 14.0.0 < 14.0.0.5	14.0.0.5
f5	big-ip_analytics	>= 14.1.0 < 14.1.0.6	14.1.0.6
f5	big-ip_apm	—	—
f5	big-ip_application_acceleration_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_application_acceleration_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_application_acceleration_manager	>= 14.0.0 < 14.0.0.5	14.0.0.5
f5	big-ip_application_acceleration_manager	>= 14.1.0 < 14.1.0.6	14.1.0.6
f5	big-ip_application_security_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1