← Voltar para CVEs
CVE-2019-6632
N/ADescricao
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado7/3/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
f5:big-ip_access_policy_managerf5:big-ip_advanced_firewall_managerf5:big-ip_analyticsf5:big-ip_application_acceleration_managerf5:big-ip_application_security_managerf5:big-ip_domain_name_systemf5:big-ip_edge_gatewayf5:big-ip_fraud_protection_servicef5:big-ip_global_traffic_managerf5:big-ip_link_controllerf5:big-ip_local_traffic_managerf5:big-ip_policy_enforcement_managerf5:big-ip_webaccelerator
Fraquezas (CWE)
CWE-330
Referencias
http://www.securityfocus.com/bid/109112(f5sirt@f5.com)
https://support.f5.com/csp/article/K01413496(f5sirt@f5.com)
http://www.securityfocus.com/bid/109112(af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K01413496(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.