F5 Networks BIG-IP : Diffie-Hellman key agreement protocol weaknesses (K83120834)

high Nessus Plugin ID 161373

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.4 / 17.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K83120834 advisory.

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth.
The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.(CVE-2002-20001)The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that (appropriately) short exponents can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together. (CVE-2022-40735)

Tenable has extracted the preceding description block directly from the F5 Networks BIG-IP security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K83120834.

See Also

https://my.f5.com/manage/s/article/K83120834

Plugin Details

Severity: High

ID: 161373

File Name: f5_bigip_SOL83120834.nasl

Version: 1.7

Type: local

Published: 5/19/2022

Updated: 11/15/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2002-20001

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-40735

Vulnerability Information

CPE: cpe:/a:f5:big-ip_irules_lx, cpe:/h:f5:big-ip_protocol_security_manager, cpe:/a:f5:big-ip_domain_name_system, cpe:/a:f5:big-ip_ssl_orchestrator, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_wan_optimization_manager, cpe:/h:f5:big-ip, cpe:/a:f5:big-ip_iapps_lx, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_application_security_manager

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/19/2022

Vulnerability Publication Date: 11/11/2021

Reference Information

CVE: CVE-2002-20001, CVE-2022-40735