F5 Networks BIG-IP : RSRE Variant 3a vulnerability (K51801290)

medium Nessus Plugin ID 184245

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of F5 Networks BIG-IP installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the K51801290 advisory.

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. (CVE-2018-3640)

Impact

There is no exposure on BIG-IP products by way of the data plane. All exposure is limited to the control plane, also known as the management plane. Additionally, on the control plane, the vulnerabilities are exploitable only by the following four authorized, authenticated account roles: Administrator, Resource Administrator, Manager, and iRules Manager. An attacker must be authorized to access the system in one of these roles to attempt to exploit the vulnerabilities. This vulnerability requires an attacker who can provide and run binary code of their choosing on the BIG-IP platform. As a result, these conditions severely restrict the exposure risk of BIG-IP products.

Single-tenancy products

For single-tenancy products, such as a standalone BIG-IP device, the risk is limited to a local, authorized user employing one of the vulnerabilities to read information from memory that they would not normally access, exceeding their privileges. A user may be able to access kernel-space memory, instead of their own user-space.

Multi-tenancy environments

For multi-tenancy environments, such as cloud, Virtual Edition (VE), and Virtual Clustered Multiprocessing (vCMP), the same local kernel memory access risk applies as in single-tenancy environments. Additionally, the risk of attacks across guests exists, or attacks against the hypervisor/host. In cloud and VE environments, preventing these new attacks falls on the hypervisor/host platform, which is outside the scope of F5's ability to support or patch. Contact your cloud provider or hypervisor vendor to ensure their platforms or products are protected against Spectre Variants.

For vCMP environments, while the Spectre Variant attacks offer a theoretical possibility of guest-to-guest or guest-to-host attacks, they are difficult to successfully conduct in the BIG-IP environment. The primary risk in the vCMP environment with Spectre variants only exists when vCMP guests are configured to use a single core. If the vCMP guests are configured to use two or more cores, the Spectre Variant vulnerabilities are eliminated.

Vulnerability research

F5 is working with its hardware component vendors to determine the scope of vulnerabilities across its various generations of hardware platforms. All of the current information from F5's vendors is represented in this security advisory. F5 is working to obtain the remaining information from its vendors and will update the security advisory as F5 receives new information regarding its hardware platforms. F5 is also testing the fixes produced by the Linux community, and is conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability to ensure a good experience for its customers. F5 does not want to rush the process and release fixes without a full understanding of potential issues. Given the limited exposure, the complexity of the fixes, and the potential issues, a detailed approach is warranted and rushing a fix could result in an impact to system stability or unacceptable performance costs. F5 will update this article with fixes as they become available.

Tenable has extracted the preceding description block directly from the F5 Networks BIG-IP security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
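
Because no fix is available, the practical question for an operator is how much of the exposure described above actually applies to a given BIG-IP: which accounts hold one of the four named roles (and whether they have a shell from which attacker-supplied binaries could be run), and whether any vCMP guest is allocated a single core. The script below is an added example, not code from the F5 advisory or from the Nessus plugin. It parses constructed sample output in the format of `tmsh list auth user` and `tmsh list vcmp guest` so it runs offline; on a real device the two sample strings would be replaced by the live command output. It assumes that the advisory's Administrator, Resource Administrator, Manager and iRules Manager roles correspond to the tmsh role names `admin`, `resource-admin`, `manager` and `irule-manager`, and that a guest's core allocation is the `cores-per-slot` attribute.

```shell
#!/bin/sh
# Added audit helper for the K51801290 exposure conditions. Not F5's or
# Tenable's code. On a BIG-IP it would consume live output, e.g.
#   USERS=$(tmsh list auth user)   and   GUESTS=$(tmsh list vcmp guest)
# Both inputs below are constructed samples in that output format so the
# script runs offline. Assumptions: the advisory's four roles map to the
# tmsh role names admin, resource-admin, manager and irule-manager, and a
# vCMP guest's core allocation is the cores-per-slot attribute.

SAMPLE_USERS='auth user admin {
    description "built-in admin"
    partition Common
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell bash
}
auth user ops {
    partition Common
    partition-access {
        all-partitions {
            role operator
        }
    }
    shell tmsh
}
auth user irdev {
    partition Common
    partition-access {
        Common {
            role irule-manager
        }
    }
    shell none
}'

SAMPLE_GUESTS='vcmp guest guestA {
    cores-per-slot 1
    hostname guestA.example.net
    management-ip 192.0.2.11/24
    state deployed
}
vcmp guest guestB {
    cores-per-slot 2
    hostname guestB.example.net
    management-ip 192.0.2.12/24
    state deployed
}'

# One line per account holding a role the advisory names as able to attempt
# the attack, with its shell setting: running attacker-supplied binaries
# needs an execution path, and bash is the obvious one to review first.
exposed_users() {
    printf '%s\n' "$1" | awk '
        /^auth user /   { name = $3; roles = ""; shell = "unset" }
        $1 == "role"    { roles = roles " " $2 }
        $1 == "shell"   { shell = $2 }
        /^}/ {
            n = split(roles, r, " ")
            for (i = 1; i <= n; i++) {
                if (r[i] == "admin" || r[i] == "resource-admin" ||
                    r[i] == "manager" || r[i] == "irule-manager") {
                    print name " role=" r[i] " shell=" shell
                    break
                }
            }
        }'
}

# vCMP guests allocated a single core, the configuration the advisory
# singles out for guest-to-guest / guest-to-host risk.
single_core_guests() {
    printf '%s\n' "$1" | awk '
        /^vcmp guest /          { name = $3; cores = ""; state = "" }
        $1 == "cores-per-slot"  { cores = $2 }
        $1 == "state"           { state = $2 }
        /^}/ { if (cores == "1") print name " cores-per-slot=1 state=" state }'
}

echo "== accounts in roles able to attempt CVE-2018-3640 =="
exposed_users "$SAMPLE_USERS"
echo "== single-core vCMP guests =="
single_core_guests "$SAMPLE_GUESTS"
```

On the sample data the first function reports `admin` (role admin, shell bash) and `irdev` (role irule-manager, shell none) and skips the operator account; the second reports only `guestA`. On a live device, run the same functions over `"$(tmsh list auth user)"` and `"$(tmsh list vcmp guest)"` from the BIG-IP bash prompt; an empty result from both means the exposure the advisory describes does not apply to that unit beyond the hypervisor/host side it already defers to the platform vendor.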

Solution

The vendor has acknowledged the vulnerability, but no solution has been provided.
Refer to the vendor for remediation guidance.

See Also

https://my.f5.com/manage/s/article/K51801290

Plugin Details

Severity: Medium

ID: 184245

File Name: f5_bigip_SOL51801290.nasl

Version: 1.6

Type: local

Published: 11/2/2023

Updated: 3/27/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.5

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2018-3640

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_domain_name_system, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/h:f5:big-ip, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_webaccelerator

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/21/2018

Reference Information

CVE: CVE-2018-3640