← Zuruck zu CVEs
CVE-2019-6632
N/ABeschreibung
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht7/3/2019
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
f5:big-ip_access_policy_managerf5:big-ip_advanced_firewall_managerf5:big-ip_analyticsf5:big-ip_application_acceleration_managerf5:big-ip_application_security_managerf5:big-ip_domain_name_systemf5:big-ip_edge_gatewayf5:big-ip_fraud_protection_servicef5:big-ip_global_traffic_managerf5:big-ip_link_controllerf5:big-ip_local_traffic_managerf5:big-ip_policy_enforcement_managerf5:big-ip_webaccelerator
Schwachen (CWE)
CWE-330
Referenzen
http://www.securityfocus.com/bid/109112(f5sirt@f5.com)
https://support.f5.com/csp/article/K01413496(f5sirt@f5.com)
http://www.securityfocus.com/bid/109112(af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K01413496(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.