Insufficient Randomness in vCMP Configuration Unit Key Generation Vulnerability

Insufficient Randomness in vCMP Configuration Unit Key Generation Vulnerability

CVE-2019-6632 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.

Learn more about our Web Application Penetration Testing UK.