On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Big-ip_local_traffic_manager | F5 | 12.1.0 (including) | 12.1.4.1 (excluding) |
Big-ip_local_traffic_manager | F5 | 13.0.0 (including) | 13.1.1.5 (excluding) |
Big-ip_local_traffic_manager | F5 | 14.0.0 (including) | 14.0.0.5 (excluding) |
Big-ip_local_traffic_manager | F5 | 14.1.0 (including) | 14.1.0.6 (excluding) |