Under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files. (CVE-2019-6632)
Impact
BIG-IP
This vulnerability may allow an attacker to decrypt configuration and/or user configuration set (UCS) files that are encrypted.
BIG-IQ, F5 iWorkflow, Enterprise Manager, ARX, LineRate, and Traffix SDC
There is no impact; these F5 products are not affected by this vulnerability.