First published: Mon Apr 15 2019(Updated: )
Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms.
Credit: f5sirt@f5.com f5sirt@f5.com
Affected Software | Affected Version | How to fix |
---|---|---|
Riverbed SteelApp Traffic Manager | >=12.1.2<12.1.4.1 | |
Riverbed SteelApp Traffic Manager | >=13.0.0<13.1.1.4 | |
Riverbed SteelApp Traffic Manager | >=14.0.0<14.1.0.2 | |
Riverbed SteelApp Traffic Manager | =12.1.1-hf2 | |
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
F5 BIG-IP Application Acceleration Manager | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Application Acceleration Manager | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Application Acceleration Manager | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Application Acceleration Manager | =12.1.1-hf2 | |
F5 BIG-IP Advanced Firewall Manager | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Advanced Firewall Manager | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Advanced Firewall Manager | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Advanced Firewall Manager | =12.1.1-hf2 | |
F5 BIG-IP Analytics | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Analytics | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Analytics | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Analytics | =12.1.1-hf2 | |
F5 Access Policy Manager | >=12.1.2<12.1.4.1 | |
F5 Access Policy Manager | >=13.0.0<13.1.1.4 | |
F5 Access Policy Manager | >=14.0.0<14.1.0.2 | |
F5 Access Policy Manager | =12.1.1-hf2 | |
F5 Application Security Manager | >=12.1.2<12.1.4.1 | |
F5 Application Security Manager | >=13.0.0<13.1.1.4 | |
F5 Application Security Manager | >=14.0.0<14.1.0.2 | |
F5 Application Security Manager | =12.1.1-hf2 | |
F5 BIG-IP | >=12.1.2<12.1.4.1 | |
F5 BIG-IP | >=13.0.0<13.1.1.4 | |
F5 BIG-IP | >=14.0.0<14.1.0.2 | |
F5 BIG-IP | =12.1.1-hf2 | |
F5 BIG-IP Edge Gateway | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Edge Gateway | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Edge Gateway | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Edge Gateway | =12.1.1-hf2 | |
F5 BIG-IP Fraud Protection Service | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Fraud Protection Service | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Fraud Protection Service | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Fraud Protection Service | =12.1.1-hf2 | |
Riverbed SteelApp Traffic Manager | >=12.1.2<12.1.4.1 | |
Riverbed SteelApp Traffic Manager | >=13.0.0<13.1.1.4 | |
Riverbed SteelApp Traffic Manager | >=14.0.0<14.1.0.2 | |
Riverbed SteelApp Traffic Manager | =12.1.1-hf2 | |
F5 BIG-IP Link Controller | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Link Controller | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Link Controller | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Link Controller | =12.1.1-hf2 | |
F5 BIG-IP Policy Enforcement Manager | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Policy Enforcement Manager | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Policy Enforcement Manager | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Policy Enforcement Manager | =12.1.1-hf2 | |
F5 BIG-IP WebAccelerator | >=12.1.2<12.1.4.1 | |
F5 BIG-IP WebAccelerator | >=13.0.0<13.1.1.4 | |
F5 BIG-IP WebAccelerator | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Policy WebAccelerator | =hf2 | |
All of | ||
Any of | ||
Riverbed SteelApp Traffic Manager | >=12.1.2<12.1.4.1 | |
Riverbed SteelApp Traffic Manager | >=13.0.0<13.1.1.4 | |
Riverbed SteelApp Traffic Manager | >=14.0.0<14.1.0.2 | |
Riverbed SteelApp Traffic Manager | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
F5 BIG-IP Application Acceleration Manager | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Application Acceleration Manager | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Application Acceleration Manager | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Application Acceleration Manager | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
F5 BIG-IP Advanced Firewall Manager | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Advanced Firewall Manager | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Advanced Firewall Manager | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Advanced Firewall Manager | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
F5 BIG-IP Analytics | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Analytics | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Analytics | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Analytics | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
F5 Access Policy Manager | >=12.1.2<12.1.4.1 | |
F5 Access Policy Manager | >=13.0.0<13.1.1.4 | |
F5 Access Policy Manager | >=14.0.0<14.1.0.2 | |
F5 Access Policy Manager | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
F5 Application Security Manager | >=12.1.2<12.1.4.1 | |
F5 Application Security Manager | >=13.0.0<13.1.1.4 | |
F5 Application Security Manager | >=14.0.0<14.1.0.2 | |
F5 Application Security Manager | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
F5 BIG-IP | >=12.1.2<12.1.4.1 | |
F5 BIG-IP | >=13.0.0<13.1.1.4 | |
F5 BIG-IP | >=14.0.0<14.1.0.2 | |
F5 BIG-IP | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
F5 BIG-IP Edge Gateway | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Edge Gateway | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Edge Gateway | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Edge Gateway | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
F5 BIG-IP Fraud Protection Service | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Fraud Protection Service | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Fraud Protection Service | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Fraud Protection Service | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
Riverbed SteelApp Traffic Manager | >=12.1.2<12.1.4.1 | |
Riverbed SteelApp Traffic Manager | >=13.0.0<13.1.1.4 | |
Riverbed SteelApp Traffic Manager | >=14.0.0<14.1.0.2 | |
Riverbed SteelApp Traffic Manager | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
F5 BIG-IP Link Controller | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Link Controller | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Link Controller | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Link Controller | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
F5 BIG-IP Policy Enforcement Manager | >=12.1.2<12.1.4.1 | |
F5 BIG-IP Policy Enforcement Manager | >=13.0.0<13.1.1.4 | |
F5 BIG-IP Policy Enforcement Manager | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Policy Enforcement Manager | =12.1.1-hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s | ||
All of | ||
Any of | ||
F5 BIG-IP WebAccelerator | >=12.1.2<12.1.4.1 | |
F5 BIG-IP WebAccelerator | >=13.0.0<13.1.1.4 | |
F5 BIG-IP WebAccelerator | >=14.0.0<14.1.0.2 | |
F5 BIG-IP Policy WebAccelerator | =hf2 | |
Any of | ||
F5 BIG-IP i10600 Firmware | ||
F5 BIG-IP i10800 Firmware | ||
F5 BIG-IP i11600 Firmware | ||
F5 BIG-IP i11800 Firmware | ||
F5 BIG-IP i15600 Firmware | ||
F5 BIG-IP i15800 firmware | ||
F5 BIG-IP i2000s | ||
F5 BIG-IP i2200s | ||
F5 BIG-IP i4000s | ||
F5 BIG-IP i4200v | ||
F5 BIG-IP i5000s | ||
F5 BIG-IP i5050s | ||
f5 BIG-IP 5200v-ssl | ||
F5 BIG-IP iSeries | ||
F5 BIG-IP i5250v | ||
F5 BIG-IP i7000 | ||
F5 BIG-IP i7050s | ||
F5 BIG-IP | ||
F5 BIG-IP 7200v firmware | ||
F5 BIG-IP i7200v-ssl | ||
F5 BIG-IP | ||
F5 BIG-IP i7250v | ||
F5 BIG-IP i7255s |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-6609 is classified as a platform-dependent vulnerability specifically impacting certain F5 BIG-IP systems.
To fix CVE-2019-6609, upgrade the affected F5 BIG-IP products to the patched versions provided by F5 Networks.
CVE-2019-6609 affects F5 BIG-IP versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4.
CVE-2019-6609 primarily impacts organizations using F5 BIG-IP systems on iSeries platforms.
F5 recommends upgrading systems to address CVE-2019-6609, as no specific workaround is provided.