CVE-2019-6632
MEDIUMBIG-IP 12.1.0-12.1.4 - Insufficient Randomness in vCMP Configuration Unit Key
Title source: llmDescription
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K01413496
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/109112
Scores
CVSS v3
5.5
EPSS
0.0011
EPSS Percentile
29.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-330
Status
published
Products (13)
f5/big-ip_access_policy_manager
12.1.0 - 12.1.4.1
f5/big-ip_advanced_firewall_manager
12.1.0 - 12.1.4.1
f5/big-ip_analytics
12.1.0 - 12.1.4.1
f5/big-ip_application_acceleration_manager
12.1.0 - 12.1.4.1
f5/big-ip_application_security_manager
12.1.0 - 12.1.4.1
f5/big-ip_domain_name_system
12.1.0 - 12.1.4.1
f5/big-ip_edge_gateway
12.1.0 - 12.1.4.1
f5/big-ip_fraud_protection_service
12.1.0 - 12.1.4.1
f5/big-ip_global_traffic_manager
12.1.0 - 12.1.4.1
f5/big-ip_link_controller
12.1.0 - 12.1.4.1
... and 3 more
Published
Jul 03, 2019
Tracked Since
Feb 18, 2026