CVE-2019-6593

2019-02-2600:00:00

www.cve.org

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.0%

JSON

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to the server’s private key itself. (CVE-2019-6593 also known as Zombie POODLE and GOLDENDOODLE.)

CNA Affected

[
  {
    "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
    "vendor": "F5 Networks, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "11.5.1-11.5.4, 11.6.1, 12.1.0"
      }
    ]
  }
]

References

support.f5.com/csp/article/K10065173