On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, even though the attacker has not gained access to the server's private key. (CVE-2019-6593, also known as Zombie POODLE and GOLDENDOODLE.)
Published 2019-02-26 15:29:00
Updated 2021-07-21 11:39:24
Source F5 Networks

Exploit prediction scoring system (EPSS) score for CVE-2019-6593

EPSS score: 0.13% (probability of exploitation activity in the next 30 days)
Percentile: ~47% (the proportion of vulnerabilities that are scored at or less)

CVSS scores for CVE-2019-6593

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
| 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 | NIST | |

CWE ids for CVE-2019-6593

References for CVE-2019-6593

Products affected by CVE-2019-6593
