In BIG-IP versions 14.1.0-14.1.0.5, a vulnerability related to SSL traffic on a virtual server with a Client SSL profile can cause TMM to fail and restart. This vulnerability affects the data plane but not the control plane.
Understanding CVE-2019-6629
This CVE is a Denial of Service (DoS) vulnerability in F5's BIG-IP versions 14.1.0-14.1.0.5.
What is CVE-2019-6629?
This CVE refers to an undisclosed SSL traffic issue on a virtual server with a Client SSL profile in BIG-IP 14.1.0-14.1.0.5, potentially causing TMM to fail and restart.
The Impact of CVE-2019-6629
Technical Details of CVE-2019-6629
This section provides more technical insights into the vulnerability.
Vulnerability Description
In BIG-IP 14.1.0-14.1.0.5, SSL traffic on a virtual server with a Client SSL profile, using session tickets and DHE cipher suites, can trigger TMM failure and restart.
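The conditions above can be turned into a configuration audit. The following is an added example, not F5 code or tooling: it scans bigip.conf-style text for Client SSL profiles that explicitly set both `session-ticket enabled` and a DHE suite in `ciphers`, on a version in the affected range. Assumptions: the stanza layout and the constructed sample profiles are illustrative, and settings inherited through a parent profile or hidden behind cipher keywords such as DEFAULT are not resolved.

```python
import re

AFFECTED = ((14, 1, 0, 0), (14, 1, 0, 5))  # affected range as stated on this page
# Constructed sample in bigip.conf stanza style (profile names are made up).
SAMPLE_CONF = """\
ltm profile client-ssl /Common/app1_clientssl {
    cert-key-chain { default { cert /Common/default.crt key /Common/default.key } }
    ciphers DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
    session-ticket enabled
}
ltm profile client-ssl /Common/app2_clientssl {
    ciphers ECDHE-RSA-AES128-GCM-SHA256:!DHE
    session-ticket enabled
}
ltm profile client-ssl /Common/app3_clientssl {
    ciphers DHE-RSA-AES128-SHA
    session-ticket disabled
}
"""

def version_affected(version):
    """True if a dotted version string falls inside the affected range."""
    parts = ([int(p) for p in version.split(".")] + [0, 0, 0])[:4]
    return AFFECTED[0] <= tuple(parts) <= AFFECTED[1]

def client_ssl_profiles(conf):
    """Yield (name, body) per client-ssl stanza, tracking nested braces."""
    for m in re.finditer(r"^ltm profile client-ssl (\S+) \{", conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def has_dhe(ciphers):
    """True if a non-excluded token names DHE (ECDHE does not count)."""
    tokens = re.split(r"[:\s]+", ciphers.strip('"'))
    return any(re.search(r"(?<![A-Z])DHE", t.upper())
               for t in tokens if t and t[0] not in "!-")

def exposed_profiles(conf, version):
    """Profiles that explicitly enable session tickets and a DHE suite."""
    if not version_affected(version):
        return []
    hits = []
    for name, body in client_ssl_profiles(conf):
        ticket = re.search(r"^\s*session-ticket\s+(\S+)", body, re.M)
        ciphers = re.search(r"^\s*ciphers\s+(.+)$", body, re.M)
        if ticket and ticket.group(1) == "enabled" and ciphers and has_dhe(ciphers.group(1)):
            hits.append(name)
    return hits
```

A profile that this check does not flag may still meet the conditions through inherited settings, so treat an empty result as a starting point for manual review of parent profiles.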
Affected Systems and Versions
Exploitation Mechanism
The vulnerability is triggered when undisclosed SSL traffic is directed to a virtual server whose Client SSL profile uses session tickets and DHE cipher suites.
Mitigation and Prevention
Protecting systems from CVE-2019-6629 is crucial to maintaining security.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Apply patches provided by F5 to address the vulnerability.