On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
f5 big-ip local traffic manager |
||
f5 big-ip application acceleration manager |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip analytics |
||
f5 big-ip access policy manager |
||
f5 big-ip application security manager |
||
f5 big-ip domain name system |
||
f5 big-ip edge gateway |
||
f5 big-ip global traffic manager |
||
f5 big-ip link controller |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip webaccelerator |
||
f5 big-ip fraud protection service |