Vulnerabilities > CVE-2019-6629 - Unspecified vulnerability in F5 products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
f5
nessus

Summary

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane.

Vulnerable Configurations

Part Description Count
Application
F5
102

Nessus

NASL familyF5 Networks Local Security Checks
NASL idF5_BIGIP_SOL95434410.NASL
descriptionUndisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane. (CVE-2019-6629) Impact Traffic processing is disrupted while the Traffic Management Microkernel (TMM) restarts. If the affected F5 device is configured as part of a device group, the system will trigger a failover to the peer device.
last seen2020-06-01
modified2020-06-02
plugin id126410
published2019-07-02
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/126410
titleF5 Networks BIG-IP : TMM vulnerability (K95434410)