SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv2. (CVE-2019-6640)
Impact
An attacker with direct SNMP access to a BIG-IP system, or an attacker with a privileged network position (man-in-the-middle) may be able to obtain the passphrases used within configuration profiles. Default configurations do not expose this issue; remote SNMP access is disallowed by default.