CVE-2019-6629
CVE-2019-6629 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. EPSS estimates a 1.31% chance of exploitation in the next 30 days.
Description
On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane; there is no impact to the control plane.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| F5 | BIG-IP Local Traffic Manager | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP Application Acceleration Manager | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP Advanced Firewall Manager | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP Analytics | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP Access Policy Manager | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP Application Security Manager | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP Domain Name System | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP Edge Gateway | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP Global Traffic Manager | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP Link Controller | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP Policy Enforcement Manager | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP WebAccelerator | >= 14.1.0.1, <= 14.1.0.5 |
| F5 | BIG-IP WebSafe | >= 14.1.0.1, <= 14.1.0.5 |
Source: NVD / NIST
