PT-2019-18209 · F5 · F5 Ssl Orchestrator
Published
2019-07-03
·
Updated
2019-07-10
·
CVE-2019-6627
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 SSL Orchestrator versions 14.1.0 through 14.1.0.5
Description
The issue occurs under specific conditions involving a race condition, where the Traffic Management Microkernel (TMM) may restart when SSL Forward Proxy enforces a bypass action for an SSL Orchestrator transparent virtual server that has SNAT (Secure Network Address Translation) enabled.
Recommendations
For F5 SSL Orchestrator versions 14.1.0 through 14.1.0.5, consider temporarily disabling SNAT for SSL Orchestrator transparent virtual servers to minimize the risk of TMM restarts until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Ssl Orchestrator