BIG-IP SSL Certificate Validation Issue by F5 Networks
CVE-2019-6592

9.1CRITICAL

Key Information:

Vendor: F5
Status: Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator)
Vendor: CVE Published:; 26 February 2019

Summary

An issue exists within the F5 BIG-IP product affecting versions 14.1.0 to 14.1.0.1, where the Traffic Management Microkernel (TMM) may unexpectedly restart. This occurs during the validation of SSL certificates in both client SSL and server SSL profiles, potentially impacting the availability of services reliant on secure communications.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) 14.1.0-14.1.0.1

References

http://www.securityfocus.com/bid/107176

vdb-entryx_refsource_BID

https://support.f5.com/csp/article/K54167061

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 26, 2019
Vulnerability Reserved
Jan 22, 2019