CVE-2019-6629 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2019-6629?

CVE-2019-6629 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-6629?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.

Vulnerability Description

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
F5	Big-Ip Local Traffic Manager	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Application Acceleration Manager	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Advanced Firewall Manager	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Analytics	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Access Policy Manager	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Application Security Manager	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Domain Name System	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Edge Gateway	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Global Traffic Manager	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Link Controller	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Policy Enforcement Manager	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Webaccelerator	>= 14.1.0.1, <= 14.1.0.5
F5	Big-Ip Websafe	>= 14.1.0.1, <= 14.1.0.5

References

FAQ

What is CVE-2019-6629?

CVE-2019-6629 is a vulnerability with a CVSS score of 7.5 (HIGH). On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled ...

How severe is CVE-2019-6629?

CVE-2019-6629 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6629?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.