Details of VAR-201907-0151

ID

VAR-201907-0151

CVE

CVE-2019-6632

TITLE

BIG-IP Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006204

DESCRIPTION

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files. BIG-IP Contains a cryptographic vulnerability.Information may be obtained. Multiple F5 BIG-IP Products are prone to a local information-disclosure vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information. This may lead to other attacks. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5

Trust: 1.98

sources: NVD: CVE-2019-6632 // JVNDB: JVNDB-2019-006204 // BID: 109112 // VULHUB: VHN-158067

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	13.1.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.0.0.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	12.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	13.0.0	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	14.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.1.1.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip fps	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	12.1.4.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	15.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	14.1.0.6	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	14.0.0.5	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	13.1.1.5	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	12.1.4.1	Trust: 0.3

sources: BID: 109112 // JVNDB: JVNDB-2019-006204 // NVD: CVE-2019-6632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6632
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-6632
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201907-054
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-158067
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-6632
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158067
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6632
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-158067 // JVNDB: JVNDB-2019-006204 // CNNVD: CNNVD-201907-054 // NVD: CVE-2019-6632

PROBLEMTYPE DATA

problemtype:	CWE-330	Trust: 1.0
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-158067 // JVNDB: JVNDB-2019-006204 // NVD: CVE-2019-6632

THREAT TYPE

local

Trust: 0.9

sources: BID: 109112 // CNNVD: CNNVD-201907-054

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-054

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006204

PATCH

title:	K01413496	url:	https://support.f5.com/csp/article/K01413496	Trust: 0.8
title:	F5 BIG-IP Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94290	Trust: 0.6

sources: JVNDB: JVNDB-2019-006204 // CNNVD: CNNVD-201907-054

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6632	Trust: 2.8
db:	BID	id:	109112	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-006204	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-054	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2411	Trust: 0.6
db:	VULHUB	id:	VHN-158067	Trust: 0.1

sources: VULHUB: VHN-158067 // BID: 109112 // JVNDB: JVNDB-2019-006204 // CNNVD: CNNVD-201907-054 // NVD: CVE-2019-6632

REFERENCES

url:	https://support.f5.com/csp/article/k01413496	Trust: 2.0
url:	http://www.securityfocus.com/bid/109112	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6632	Trust: 1.4
url:	http://www.f5.com/products/big-ip/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6632	Trust: 0.8
url:	https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-29665	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2411/	Trust: 0.6

sources: VULHUB: VHN-158067 // BID: 109112 // JVNDB: JVNDB-2019-006204 // CNNVD: CNNVD-201907-054 // NVD: CVE-2019-6632

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 109112

SOURCES

db:	VULHUB	id:	VHN-158067
db:	BID	id:	109112
db:	JVNDB	id:	JVNDB-2019-006204
db:	CNNVD	id:	CNNVD-201907-054
db:	NVD	id:	CVE-2019-6632

LAST UPDATE DATE

2024-11-23T22:06:09.122000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158067	date:	2019-07-11T00:00:00
db:	BID	id:	109112	date:	2019-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-006204	date:	2019-07-12T00:00:00
db:	CNNVD	id:	CNNVD-201907-054	date:	2019-07-12T00:00:00
db:	NVD	id:	CVE-2019-6632	date:	2024-11-21T04:46:50.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158067	date:	2019-07-03T00:00:00
db:	BID	id:	109112	date:	2019-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-006204	date:	2019-07-12T00:00:00
db:	CNNVD	id:	CNNVD-201907-054	date:	2019-07-02T00:00:00
db:	NVD	id:	CVE-2019-6632	date:	2019-07-03T19:15:12.970