CVE-2019-6593
Severity CVSS v4.0:
Pending analysis
Type:
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
Publication date:
26/02/2019
Last modified:
21/07/2021
Description
On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to the server's private key itself. (CVE-2019-6593 also known as Zombie POODLE and GOLDENDOODLE.)
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 11.5.1 (including) | 11.5.4 (including) |
| cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* | 11.5.1 (including) | 11.5.4 (including) |
| cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 11.5.1 (including) | 11.5.4 (including) |
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 11.5.1 (including) | 11.5.4 (including) |
| cpe:2.3:a:f5:big-ip_analytics:11.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_analytics:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 11.5.1 (including) | 11.5.4 (including) |
| cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page