CVE-2019-6609 in BIG-IP APM

Summary

by MITRE

Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP APM versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms.

Analysis

by VulDB Data Team • 08/29/2023

The vulnerability described in CVE-2019-6609 represents a critical platform-specific weakness affecting F5 iSeries platforms running BIG-IP APM software versions 14.0.0 through 14.1.0.1, 13.0.0 through 13.1.1.3, and 12.1.1 HF2 through 12.1.4. This issue fundamentally undermines the cryptographic security posture of affected systems by failing to use the hardware-based key storage mechanisms that are available on iSeries platforms. The vulnerability stems from the secureKeyCapable attribute not being set, which is essential for enabling the hardware security module integration that should protect sensitive cryptographic keys.

The technical flaw manifests in the failure to utilize F5's dedicated hardware support for storing the unit key within the secure vault component. This misconfiguration forces the system to fall back to plaintext storage mechanisms that are typically reserved for older Z100 systems where hardware security modules were not available. The unit key, which serves as a fundamental cryptographic element for system security, becomes vulnerable to unauthorized access when stored in plaintext format on disk storage. This represents a direct violation of security best practices and cryptographic implementation standards that require hardware-based protection for sensitive cryptographic material.

The operational impact of this vulnerability extends beyond simple plaintext storage concerns to encompass comprehensive data exposure risks. When the unit key is stored in plaintext on disk, it becomes accessible to any entity with sufficient privileges to read system files, effectively nullifying the cryptographic protections that should safeguard the system. Additionally, the vulnerability causes unit keys to be persistently stored within UCS (User Configuration Set) files, creating multiple attack vectors and persistent exposure windows. This issue affects the entire security architecture of the affected systems, potentially enabling attackers to compromise the entire platform through key extraction and subsequent cryptographic attacks.

This vulnerability aligns with CWE-310, which addresses cryptographic weaknesses in system design and implementation, and specifically demonstrates poor key management practices that violate fundamental security principles. From an ATT&CK framework perspective, this vulnerability maps to T1552.001 (Unsecured Credentials: Credentials In Files) and T1552.004 (Unsecured Credentials: Private Keys), as it exposes cryptographic keys in insecure storage locations. The issue also relates to T1078 (Valid Accounts) and T1566 (Phishing), as compromised unit keys could enable attackers to establish persistent access and conduct more sophisticated attacks. Organizations affected by this vulnerability should immediately implement patch management procedures to upgrade to versions that properly configure the secureKeyCapable attribute, ensuring that hardware security modules are correctly utilized for cryptographic key storage. The remediation process must include comprehensive system auditing to identify and remove any existing plaintext key storage, while implementing proper key rotation procedures to maintain system security posture.
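
The following triage sketch is an added example, not code from F5, MITRE or VulDB. It applies the affected ranges and the iSeries-only condition from the summary to an inventory. The inventory fields, the hostnames and the "12.1.1 HF2" version string format are assumptions made for illustration.

```python
import re

# Affected BIG-IP APM ranges exactly as listed in the CVE summary (inclusive).
AFFECTED_RANGES = [
    ("14.0.0", "14.1.0.1"),
    ("13.0.0", "13.1.1.3"),
    ("12.1.1 HF2", "12.1.4"),
]
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+){1,3})(?:\s+HF(\d+))?$")

def version_key(text):
    """Turn '12.1.1 HF2' or '13.1.1.3' into a comparable tuple.
    Assumption: a point release sorts after any hotfix of its base version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))          # pad to major.minor.maint.point
    return tuple(parts) + (int(m.group(2) or 0),)

def in_affected_range(version):
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi)
               for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Map each host to a status. Only iSeries platforms are in scope."""
    results = {}
    for dev in inventory:
        try:
            if not dev["is_iseries"]:
                status = "not applicable (not iSeries)"
            elif in_affected_range(dev["apm_version"]):
                status = "affected"
            else:
                status = "outside listed ranges"
        except ValueError:
            status = "manual review"           # never silently pass bad data
        results[dev["host"]] = status
    return results

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    {"host": "apm-a", "is_iseries": True,  "apm_version": "13.1.1.3"},
    {"host": "apm-b", "is_iseries": True,  "apm_version": "12.1.1 HF1"},
    {"host": "apm-c", "is_iseries": False, "apm_version": "14.0.0"},
    {"host": "apm-d", "is_iseries": True,  "apm_version": "14.1-beta"},
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

For hosts reported as affected, UCS files taken on them while running a listed version fall under the summary's statement that the unit key is stored in UCS files.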

Reservation

01/22/2019

Moderation

accepted

CPE

ready

EPSS

0.00470

KEV

no

Activities

very low
