CWE: 522

CVE-2019-6609

First published: Mon Apr 15 2019

Platform-dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set, which causes secure vault to not use the F5 hardware support to store the unit key. Instead, the unit key is stored in plaintext on disk, as would be the case for Z100 systems. Additionally, this causes the unit key to be stored in UCS files taken on these platforms.

Credit: f5sirt@f5.com

Affected Software | Affected Version | How to fix
F5 Big-ip Local Traffic Manager | >=12.1.2 <12.1.4.1 |
F5 Big-ip Local Traffic Manager | >=13.0.0 <13.1.1.4 |
F5 Big-ip Local Traffic Manager | >=14.0.0 <14.1.0.2 |
F5 Big-ip Local Traffic Manager | =12.1.1-hf2 |
F5 Big-ip I10600 | |
F5 Big-ip I10800 | |
F5 Big-ip I11600 | |
F5 Big-ip I11800 | |
F5 Big-ip I15600 | |
F5 Big-ip I15800 | |
F5 Big-ip I2000s | |
F5 Big-ip I2200s | |
F5 Big-ip I4000s | |
F5 Big-ip I4200v | |
F5 Big-ip I5000s | |
F5 Big-ip I5050s | |
F5 Big-ip I5200v | |
F5 Big-ip I5250v | |
F5 Big-ip I5250v Fips | |
F5 Big-ip I7000 | |
F5 Big-ip I7050s | |
F5 Big-ip I7055s | |
F5 Big-ip I7200v | |
F5 Big-ip I7200v-ssl | |
F5 Big-ip I7200v Fips | |
F5 Big-ip I7250v | |
F5 Big-ip I7255s | |
F5 Big-ip Application Acceleration Manager | >=12.1.2 <12.1.4.1 |
F5 Big-ip Application Acceleration Manager | >=13.0.0 <13.1.1.4 |
F5 Big-ip Application Acceleration Manager | >=14.0.0 <14.1.0.2 |
F5 Big-ip Application Acceleration Manager | =12.1.1-hf2 |
F5 BIG-IP Advanced Firewall Manager | >=12.1.2 <12.1.4.1 |
F5 BIG-IP Advanced Firewall Manager | >=13.0.0 <13.1.1.4 |
F5 BIG-IP Advanced Firewall Manager | >=14.0.0 <14.1.0.2 |
F5 BIG-IP Advanced Firewall Manager | =12.1.1-hf2 |
F5 BIG-IP Analytics | >=12.1.2 <12.1.4.1 |
F5 BIG-IP Analytics | >=13.0.0 <13.1.1.4 |
F5 BIG-IP Analytics | >=14.0.0 <14.1.0.2 |
F5 BIG-IP Analytics | =12.1.1-hf2 |
F5 BIG-IP Access Policy Manager | >=12.1.2 <12.1.4.1 |
F5 BIG-IP Access Policy Manager | >=13.0.0 <13.1.1.4 |
F5 BIG-IP Access Policy Manager | >=14.0.0 <14.1.0.2 |
F5 BIG-IP Access Policy Manager | =12.1.1-hf2 |
F5 BIG-IP Application Security Manager | >=12.1.2 <12.1.4.1 |
F5 BIG-IP Application Security Manager | >=13.0.0 <13.1.1.4 |
F5 BIG-IP Application Security Manager | >=14.0.0 <14.1.0.2 |
F5 BIG-IP Application Security Manager | =12.1.1-hf2 |
F5 Big-ip Domain Name System | >=12.1.2 <12.1.4.1 |
F5 Big-ip Domain Name System | >=13.0.0 <13.1.1.4 |
F5 Big-ip Domain Name System | >=14.0.0 <14.1.0.2 |
F5 Big-ip Domain Name System | =12.1.1-hf2 |
F5 Big-ip Edge Gateway | >=12.1.2 <12.1.4.1 |
F5 Big-ip Edge Gateway | >=13.0.0 <13.1.1.4 |
F5 Big-ip Edge Gateway | >=14.0.0 <14.1.0.2 |
F5 Big-ip Edge Gateway | =12.1.1-hf2 |
F5 Big-ip Fraud Protection Service | >=12.1.2 <12.1.4.1 |
F5 Big-ip Fraud Protection Service | >=13.0.0 <13.1.1.4 |
F5 Big-ip Fraud Protection Service | >=14.0.0 <14.1.0.2 |
F5 Big-ip Fraud Protection Service | =12.1.1-hf2 |
F5 Big-ip Global Traffic Manager | >=12.1.2 <12.1.4.1 |
F5 Big-ip Global Traffic Manager | >=13.0.0 <13.1.1.4 |
F5 Big-ip Global Traffic Manager | >=14.0.0 <14.1.0.2 |
F5 Big-ip Global Traffic Manager | =12.1.1-hf2 |
F5 Big-ip Link Controller | >=12.1.2 <12.1.4.1 |
F5 Big-ip Link Controller | >=13.0.0 <13.1.1.4 |
F5 Big-ip Link Controller | >=14.0.0 <14.1.0.2 |
F5 Big-ip Link Controller | =12.1.1-hf2 |
F5 Big-ip Policy Enforcement Manager | >=12.1.2 <12.1.4.1 |
F5 Big-ip Policy Enforcement Manager | >=13.0.0 <13.1.1.4 |
F5 Big-ip Policy Enforcement Manager | >=14.0.0 <14.1.0.2 |
F5 Big-ip Policy Enforcement Manager | =12.1.1-hf2 |
F5 Big-ip Webaccelerator | >=12.1.2 <12.1.4.1 |
F5 Big-ip Webaccelerator | >=13.0.0 <13.1.1.4 |
F5 Big-ip Webaccelerator | >=14.0.0 <14.1.0.2 |
F5 Big-ip Webaccelerator | =12.1.1-hf2 |

Affected configurations: for each software product listed above, all of the following must hold: any of that product's listed versions (>=12.1.2 <12.1.4.1, >=13.0.0 <13.1.1.4, >=14.0.0 <14.1.0.2, or =12.1.1-hf2) running on any of the hardware platforms listed above (I10600 through I7255s).
