← back
CVE-2019-6632

CVE-2019-6632

EPSS 0.4%
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.
Affected products
F5 · BIG-IP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.f5.com/csp/article/K01413496http://www.securityfocus.com/bid/109112