vulnerability

F5 Networks: CVE-2019-6593: K10065173: TMM TLS virtual server vulnerability CVE-2019-6593

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Feb 25, 2019	Apr 1, 2019	Aug 23, 2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Feb 25, 2019

Added

Apr 1, 2019

Modified

Aug 23, 2024

Description

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to the server's private key itself. (CVE-2019-6593 also known as Zombie POODLE and GOLDENDOODLE.)

Solution

f5-big-ip-upgrade-latest

References

CVE-2019-6593
https://attackerkb.com/topics/CVE-2019-6593
URL-https://my.f5.com/manage/s/article/K10065173

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today