Lucene search
HistoryApr 15, 2019 - 3:29 p.m.
CVE-2019-6609
cve-2019-6609
iseries
big-ip
ltm
aam
afm
analytics
apm
asm
dns
edge gateway
fps
gtm
link controller
pem
webaccelerator
vulnerability
nvd
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
60.7%
Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms.
Affected configurations
Node
f5big-ip_local_traffic_managerRange12.1.2–12.1.4.1
ORf5big-ip_local_traffic_managerRange13.0.0–13.1.1.4
ORf5big-ip_local_traffic_managerRange14.0.0–14.1.0.2
ORf5big-ip_local_traffic_managerMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_application_acceleration_managerRange12.1.2–12.1.4.1
ORf5big-ip_application_acceleration_managerRange13.0.0–13.1.1.4
ORf5big-ip_application_acceleration_managerRange14.0.0–14.1.0.2
ORf5big-ip_application_acceleration_managerMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_advanced_firewall_managerRange12.1.2–12.1.4.1
ORf5big-ip_advanced_firewall_managerRange13.0.0–13.1.1.4
ORf5big-ip_advanced_firewall_managerRange14.0.0–14.1.0.2
ORf5big-ip_advanced_firewall_managerMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_analyticsRange12.1.2–12.1.4.1
ORf5big-ip_analyticsRange13.0.0–13.1.1.4
ORf5big-ip_analyticsRange14.0.0–14.1.0.2
ORf5big-ip_analyticsMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_access_policy_managerRange12.1.2–12.1.4.1
ORf5big-ip_access_policy_managerRange13.0.0–13.1.1.4
ORf5big-ip_access_policy_managerRange14.0.0–14.1.0.2
ORf5big-ip_access_policy_managerMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_application_security_managerRange12.1.2–12.1.4.1
ORf5big-ip_application_security_managerRange13.0.0–13.1.1.4
ORf5big-ip_application_security_managerRange14.0.0–14.1.0.2
ORf5big-ip_application_security_managerMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_domain_name_systemRange12.1.2–12.1.4.1
ORf5big-ip_domain_name_systemRange13.0.0–13.1.1.4
ORf5big-ip_domain_name_systemRange14.0.0–14.1.0.2
ORf5big-ip_domain_name_systemMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_edge_gatewayRange12.1.2–12.1.4.1
ORf5big-ip_edge_gatewayRange13.0.0–13.1.1.4
ORf5big-ip_edge_gatewayRange14.0.0–14.1.0.2
ORf5big-ip_edge_gatewayMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_fraud_protection_serviceRange12.1.2–12.1.4.1
ORf5big-ip_fraud_protection_serviceRange13.0.0–13.1.1.4
ORf5big-ip_fraud_protection_serviceRange14.0.0–14.1.0.2
ORf5big-ip_fraud_protection_serviceMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_global_traffic_managerRange12.1.2–12.1.4.1
ORf5big-ip_global_traffic_managerRange13.0.0–13.1.1.4
ORf5big-ip_global_traffic_managerRange14.0.0–14.1.0.2
ORf5big-ip_global_traffic_managerMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_link_controllerRange12.1.2–12.1.4.1
ORf5big-ip_link_controllerRange13.0.0–13.1.1.4
ORf5big-ip_link_controllerRange14.0.0–14.1.0.2
ORf5big-ip_link_controllerMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_policy_enforcement_managerRange12.1.2–12.1.4.1
ORf5big-ip_policy_enforcement_managerRange13.0.0–13.1.1.4
ORf5big-ip_policy_enforcement_managerRange14.0.0–14.1.0.2
ORf5big-ip_policy_enforcement_managerMatch12.1.1hf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
Node
f5big-ip_webacceleratorRange12.1.2–12.1.4.1
ORf5big-ip_webacceleratorRange13.0.0–13.1.1.4
ORf5big-ip_webacceleratorRange14.0.0–14.1.0.2
ORf5big-ip_webaccelerator12.1.1Matchhf2
f5big-ip_i10600Match-
ORf5big-ip_i10800Match-
ORf5big-ip_i11600Match-
ORf5big-ip_i11800Match-
ORf5big-ip_i15600Match-
ORf5big-ip_i15800Match-
ORf5big-ip_i2000sMatch-
ORf5big-ip_i2200sMatch-
ORf5big-ip_i4000sMatch-
ORf5big-ip_i4200vMatch-
ORf5big-ip_i5000sMatch-
ORf5big-ip_i5050sMatch-
ORf5big-ip_i5200vMatch-
ORf5big-ip_i5250vMatch-
ORf5big-ip_i5250v_fipsMatch-
ORf5big-ip_i7000Match-
ORf5big-ip_i7050sMatch-
ORf5big-ip_i7055sMatch-
ORf5big-ip_i7200vMatch-
ORf5big-ip_i7200v-sslMatch-
ORf5big-ip_i7200v_fipsMatch-
ORf5big-ip_i7250vMatch-
ORf5big-ip_i7255sMatch-
CNA Affected
[
{
"product": "BIG-IP APM",
"vendor": "F5",
"versions": [
{
"status": "affected",
"version": "14.0.0-14.1.0.1"
},
{
"status": "affected",
"version": "13.0.0-13.1.1.3"
},
{
"status": "affected",
"version": "12.1.1 HF2-12.1.4"
}
]
}
]References
Related
prion
prion
Design/Logic Flaw
2019-04-15 15:29:00
nessus
nessus
F5 Networks BIG-IP : BIG-IP Secure Vault vulnerability (K18535734)
2019-04-11 00:00:00
f5
f5
K18535734 : BIG-IP Secure Vault vulnerability CVE-2019-6609
2019-04-10 00:00:00
cvelist
cvelist
CVE-2019-6609
2019-04-15 14:43:15
nvd
nvd
CVE-2019-6609
2019-04-15 15:29:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
60.7%
Related for CVE-2019-6609