PT-2019-18175 · F5 · Big-Ip

Published: 1999-01-01 · Updated: 2021-07-21 · CVE-2019-6593

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

BIG-IP versions 11.5.1 through 11.5.4
BIG-IP version 11.6.1
BIG-IP version 12.1.0

Description

A chosen ciphertext attack against CBC ciphers may be possible when a virtual server is configured with a Client SSL profile. This could result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, without the attacker needing access to the server's private key.
Recommendations

For BIG-IP versions 11.5.1 through 11.5.4, 11.6.1 and 12.1.0, update to a version that is not vulnerable to this issue. As a temporary workaround, consider restricting the use of CBC ciphers in Client SSL profiles until a patch is available.
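The workaround above amounts to removing CBC cipher suites from what the virtual server will negotiate. The following Python script is an added example, not part of this advisory or of F5's tooling: it classifies OpenSSL-style suite names as CBC or not, builds an AEAD-only client context as a reference for the restricted configuration, and can probe one of your own endpoints by offering nothing but CBC suites to confirm the server now refuses them. The host name is a placeholder supplied on the command line.

```python
import socket
import ssl

# Marker substrings drawn from OpenSSL cipher-suite naming conventions.
AEAD_MARKERS = ("GCM", "CCM", "POLY1305")                  # authenticated modes, never CBC
BLOCK_MARKERS = ("AES", "CAMELLIA", "DES", "SEED", "IDEA", "ARIA")  # block ciphers

def is_cbc(suite_name: str) -> bool:
    """True when an OpenSSL-style suite name denotes a block cipher in CBC mode."""
    name = suite_name.upper()
    if any(m in name for m in AEAD_MARKERS):
        return False
    return any(m in name for m in BLOCK_MARKERS)

def cbc_suites(ctx: ssl.SSLContext) -> list:
    """Names of the CBC suites a context would still offer or accept."""
    return [c["name"] for c in ctx.get_ciphers() if is_cbc(c["name"])]

def aead_only_context() -> ssl.SSLContext:
    """Client context limited to AEAD suites: the shape the restricted profile should take."""
    ctx = ssl.create_default_context()
    # OpenSSL cipher string: (EC)DHE key exchange with AES-GCM or ChaCha20-Poly1305 only.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL")
    return ctx

def cbc_only_context() -> ssl.SSLContext:
    """Client context that offers nothing but CBC suites, used to probe a server."""
    ctx = ssl.create_default_context()
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.3 defines no CBC suites
    ctx.set_ciphers("AES:CAMELLIA:3DES:!AESGCM:!AESCCM:!aNULL:!eNULL")
    return ctx

def negotiated_cbc_suite(host: str, port: int = 443, timeout: float = 5.0):
    """Offer only CBC suites; return the suite the server accepted, or None when it
    refused every CBC suite (the desired state). Network errors propagate so that an
    unreachable host is not mistaken for a hardened one."""
    ctx = cbc_only_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]          # (name, protocol, bits)
    except ssl.SSLError:
        return None

if __name__ == "__main__":
    import sys
    print("CBC suites left in the AEAD-only reference context:", cbc_suites(aead_only_context()))
    if len(sys.argv) > 1:                       # e.g. python check_cbc.py vip.example.invalid
        print("server accepted CBC suite:", negotiated_cbc_suite(sys.argv[1]))
```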

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

CVE-2019-6593
LOWSTRENGTHCIPHERSUITESCHECK

Affected Products

Big-Ip