Lucene search

[email protected]CVE-2019-6593

HistoryFeb 26, 2019 - 3:29 p.m.

CVE-2019-6593

2019-02-2615:29:00

CWE-327

[email protected]

web.nvd.nist.gov

cve-2019-6593

big-ip

chosen ciphertext attack

cbc ciphers

plaintext recovery

mitm attack

zombie poodle

goldendoodle

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.9%

JSON

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to the server’s private key itself. (CVE-2019-6593 also known as Zombie POODLE and GOLDENDOODLE.)

Affected configurations

NVD

Node

f5big-ip_access_policy_managerRange11.5.1–11.5.4

f5big-ip_access_policy_managerMatch11.6.1

f5big-ip_access_policy_managerMatch12.1.0

Node

f5big-ip_local_traffic_managerRange11.5.1–11.5.4

f5big-ip_local_traffic_managerMatch11.6.1

f5big-ip_local_traffic_managerMatch12.1.0

Node

f5big-ip_advanced_firewall_managerRange11.5.1–11.5.4

f5big-ip_advanced_firewall_managerMatch11.6.1

f5big-ip_advanced_firewall_managerMatch12.1.0

Node

f5big-ip_analyticsRange11.5.1–11.5.4

f5big-ip_analyticsMatch11.6.1

f5big-ip_analyticsMatch12.1.0

Node

f5big-ip_access_policy_managerRange11.5.1–11.5.4

f5big-ip_access_policy_managerMatch11.6.1

f5big-ip_access_policy_managerMatch12.1.0

Node

f5big-ip_application_security_managerRange11.5.1–11.5.4

f5big-ip_application_security_managerMatch11.6.1

f5big-ip_application_security_managerMatch12.1.0

Node

f5big-ip_domain_name_systemRange11.5.1–11.5.4

f5big-ip_domain_name_systemMatch11.6.1

f5big-ip_domain_name_systemMatch12.1.0

Node

f5big-ip_edge_gatewayRange11.5.1–11.5.4

f5big-ip_edge_gatewayMatch11.6.1

f5big-ip_edge_gatewayMatch12.1.0

Node

f5big-ip_fraud_protection_serviceRange11.5.1–11.5.4

f5big-ip_fraud_protection_serviceMatch11.6.1

f5big-ip_fraud_protection_serviceMatch12.1.0

Node

f5big-ip_global_traffic_managerRange11.5.1–11.5.4

f5big-ip_global_traffic_managerMatch11.6.1

f5big-ip_global_traffic_managerMatch12.1.0

Node

f5big-ip_link_controllerRange11.5.1–11.5.4

f5big-ip_link_controllerMatch11.6.1

f5big-ip_link_controllerMatch12.1.0

Node

f5big-ip_policy_enforcement_managerRange11.5.1–11.5.4

f5big-ip_policy_enforcement_managerMatch11.6.1

f5big-ip_policy_enforcement_managerMatch12.1.0

Node

f5big-ip_webacceleratorRange11.5.1–11.5.4

f5big-ip_webacceleratorMatch11.6.1

f5big-ip_webacceleratorMatch12.1.0

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managerle11.5.4
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.6.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.0

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	11.5.4
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.6.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.0

CNA Affected

[
  {
    "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
    "vendor": "F5 Networks, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "11.5.1-11.5.4, 11.6.1, 12.1.0"
      }
    ]
  }
]

References

support.f5.com/csp/article/K10065173

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.9%

JSON

Related for CVE-2019-6593

nvd1 cvelist1 prion1 f51 nessus1