critical
9.8
CWE
522
Advisory Published
Updated

CVE-2019-6609

First published: Mon Apr 15 2019(Updated: )

Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms.

Credit: f5sirt@f5.com f5sirt@f5.com

Affected SoftwareAffected VersionHow to fix
F5 BIG-IP Local Traffic Manager>=12.1.2<12.1.4.1
F5 BIG-IP Local Traffic Manager>=13.0.0<13.1.1.4
F5 BIG-IP Local Traffic Manager>=14.0.0<14.1.0.2
F5 BIG-IP Local Traffic Manager=12.1.1-hf2
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
f5 big-ip application acceleration manager>=12.1.2<12.1.4.1
f5 big-ip application acceleration manager>=13.0.0<13.1.1.4
f5 big-ip application acceleration manager>=14.0.0<14.1.0.2
f5 big-ip application acceleration manager=12.1.1-hf2
F5 BIG-IP Advanced Firewall Manager>=12.1.2<12.1.4.1
F5 BIG-IP Advanced Firewall Manager>=13.0.0<13.1.1.4
F5 BIG-IP Advanced Firewall Manager>=14.0.0<14.1.0.2
F5 BIG-IP Advanced Firewall Manager=12.1.1-hf2
F5 BIG-IP Analytics>=12.1.2<12.1.4.1
F5 BIG-IP Analytics>=13.0.0<13.1.1.4
F5 BIG-IP Analytics>=14.0.0<14.1.0.2
F5 BIG-IP Analytics=12.1.1-hf2
F5 Access Policy Manager>=12.1.2<12.1.4.1
F5 Access Policy Manager>=13.0.0<13.1.1.4
F5 Access Policy Manager>=14.0.0<14.1.0.2
F5 Access Policy Manager=12.1.1-hf2
F5 Application Security Manager>=12.1.2<12.1.4.1
F5 Application Security Manager>=13.0.0<13.1.1.4
F5 Application Security Manager>=14.0.0<14.1.0.2
F5 Application Security Manager=12.1.1-hf2
f5 big-ip domain name system>=12.1.2<12.1.4.1
f5 big-ip domain name system>=13.0.0<13.1.1.4
f5 big-ip domain name system>=14.0.0<14.1.0.2
f5 big-ip domain name system=12.1.1-hf2
F5 BIG-IP Edge Gateway>=12.1.2<12.1.4.1
F5 BIG-IP Edge Gateway>=13.0.0<13.1.1.4
F5 BIG-IP Edge Gateway>=14.0.0<14.1.0.2
F5 BIG-IP Edge Gateway=12.1.1-hf2
F5 BIG-IP fraud protection services>=12.1.2<12.1.4.1
F5 BIG-IP fraud protection services>=13.0.0<13.1.1.4
F5 BIG-IP fraud protection services>=14.0.0<14.1.0.2
F5 BIG-IP fraud protection services=12.1.1-hf2
F5 BIG-IP Global Traffic Manager>=12.1.2<12.1.4.1
F5 BIG-IP Global Traffic Manager>=13.0.0<13.1.1.4
F5 BIG-IP Global Traffic Manager>=14.0.0<14.1.0.2
F5 BIG-IP Global Traffic Manager=12.1.1-hf2
F5 BIG-IP>=12.1.2<12.1.4.1
F5 BIG-IP>=13.0.0<13.1.1.4
F5 BIG-IP>=14.0.0<14.1.0.2
F5 BIG-IP=12.1.1-hf2
F5 BIG-IP Policy Enforcement Manager>=12.1.2<12.1.4.1
F5 BIG-IP Policy Enforcement Manager>=13.0.0<13.1.1.4
F5 BIG-IP Policy Enforcement Manager>=14.0.0<14.1.0.2
F5 BIG-IP Policy Enforcement Manager=12.1.1-hf2
F5 BIG-IP WebAccelerator>=12.1.2<12.1.4.1
F5 BIG-IP WebAccelerator>=13.0.0<13.1.1.4
F5 BIG-IP WebAccelerator>=14.0.0<14.1.0.2
F5 BIG-IP Policy WebAccelerator=hf2
All of
Any of
F5 BIG-IP Local Traffic Manager>=12.1.2<12.1.4.1
F5 BIG-IP Local Traffic Manager>=13.0.0<13.1.1.4
F5 BIG-IP Local Traffic Manager>=14.0.0<14.1.0.2
F5 BIG-IP Local Traffic Manager=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
f5 big-ip application acceleration manager>=12.1.2<12.1.4.1
f5 big-ip application acceleration manager>=13.0.0<13.1.1.4
f5 big-ip application acceleration manager>=14.0.0<14.1.0.2
f5 big-ip application acceleration manager=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
F5 BIG-IP Advanced Firewall Manager>=12.1.2<12.1.4.1
F5 BIG-IP Advanced Firewall Manager>=13.0.0<13.1.1.4
F5 BIG-IP Advanced Firewall Manager>=14.0.0<14.1.0.2
F5 BIG-IP Advanced Firewall Manager=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
F5 BIG-IP Analytics>=12.1.2<12.1.4.1
F5 BIG-IP Analytics>=13.0.0<13.1.1.4
F5 BIG-IP Analytics>=14.0.0<14.1.0.2
F5 BIG-IP Analytics=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
F5 Access Policy Manager>=12.1.2<12.1.4.1
F5 Access Policy Manager>=13.0.0<13.1.1.4
F5 Access Policy Manager>=14.0.0<14.1.0.2
F5 Access Policy Manager=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
F5 Application Security Manager>=12.1.2<12.1.4.1
F5 Application Security Manager>=13.0.0<13.1.1.4
F5 Application Security Manager>=14.0.0<14.1.0.2
F5 Application Security Manager=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
f5 big-ip domain name system>=12.1.2<12.1.4.1
f5 big-ip domain name system>=13.0.0<13.1.1.4
f5 big-ip domain name system>=14.0.0<14.1.0.2
f5 big-ip domain name system=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
F5 BIG-IP Edge Gateway>=12.1.2<12.1.4.1
F5 BIG-IP Edge Gateway>=13.0.0<13.1.1.4
F5 BIG-IP Edge Gateway>=14.0.0<14.1.0.2
F5 BIG-IP Edge Gateway=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
F5 BIG-IP fraud protection services>=12.1.2<12.1.4.1
F5 BIG-IP fraud protection services>=13.0.0<13.1.1.4
F5 BIG-IP fraud protection services>=14.0.0<14.1.0.2
F5 BIG-IP fraud protection services=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
F5 BIG-IP Global Traffic Manager>=12.1.2<12.1.4.1
F5 BIG-IP Global Traffic Manager>=13.0.0<13.1.1.4
F5 BIG-IP Global Traffic Manager>=14.0.0<14.1.0.2
F5 BIG-IP Global Traffic Manager=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
F5 BIG-IP>=12.1.2<12.1.4.1
F5 BIG-IP>=13.0.0<13.1.1.4
F5 BIG-IP>=14.0.0<14.1.0.2
F5 BIG-IP=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
F5 BIG-IP Policy Enforcement Manager>=12.1.2<12.1.4.1
F5 BIG-IP Policy Enforcement Manager>=13.0.0<13.1.1.4
F5 BIG-IP Policy Enforcement Manager>=14.0.0<14.1.0.2
F5 BIG-IP Policy Enforcement Manager=12.1.1-hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s
All of
Any of
F5 BIG-IP WebAccelerator>=12.1.2<12.1.4.1
F5 BIG-IP WebAccelerator>=13.0.0<13.1.1.4
F5 BIG-IP WebAccelerator>=14.0.0<14.1.0.2
F5 BIG-IP Policy WebAccelerator=hf2
Any of
F5 BIG-IP i10600 Firmware
F5 BIG-IP i10800 Firmware
F5 BIG-IP i11600 Firmware
F5 BIG-IP i11800 Firmware
F5 BIG-IP i15600 Firmware
F5 BIG-IP i15800 firmware
F5 BIG-IP i2000s
F5 BIG-IP i2200s
F5 BIG-IP i4000s
F5 BIG-IP i4200v
F5 BIG-IP i5000s
F5 BIG-IP i5050s
f5 BIG-IP 5200v-ssl
F5 BIG-IP i5250v
F5 BIG-IP i5250v
F5 BIG-IP i7000
F5 BIG-IP i7050s
F5 BIG-IP i7055s
F5 BIG-IP 7200v firmware
F5 BIG-IP i7200v-ssl
F5 BIG-IP i7200v fips
F5 BIG-IP i7250v
F5 BIG-IP i7255s

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2019-6609?

    CVE-2019-6609 is classified as a platform-dependent vulnerability specifically impacting certain F5 BIG-IP systems.

  • How do I fix CVE-2019-6609?

    To fix CVE-2019-6609, upgrade the affected F5 BIG-IP products to the patched versions provided by F5 Networks.

  • Which versions are affected by CVE-2019-6609?

    CVE-2019-6609 affects F5 BIG-IP versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4.

  • Who is impacted by CVE-2019-6609?

    CVE-2019-6609 primarily impacts organizations using F5 BIG-IP systems on iSeries platforms.

  • Is there a workaround for CVE-2019-6609?

    F5 recommends upgrading systems to address CVE-2019-6609, as no specific workaround is provided.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203