CVE-2019-6629

moderate-risk

Published 2019-07-03

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane.

Do I need to act?

0.70% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (13)

Big-Ip Local Traffic Manager

Big-Ip Application Acceleration Manager

Big-Ip Advanced Firewall Manager

Big-Ip Analytics

Big-Ip Access Policy Manager

Big-Ip Application Security Manager

Big-Ip Domain Name System

Big-Ip Edge Gateway

Big-Ip Global Traffic Manager

Big-Ip Link Controller

Big-Ip Policy Enforcement Manager

Big-Ip Webaccelerator

Big-Ip Websafe

Affected Vendors

References (4)

Vendor Advisory https://support.f5.com/csp/article/K95434410

https://support.f5.com/csp/article/K95434410?utm_source=f5support&amp%3Butm_medi...

Vendor Advisory https://support.f5.com/csp/article/K95434410

https://support.f5.com/csp/article/K95434410?utm_source=f5support&amp%3Butm_medi...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 17/34 · Moderate