F5 Networks BIG-IP : SSH vulnerability (K13600)

critical Nessus Plugin ID 78136

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell (SSH). The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.

The following platforms are affected by this issue :

VIPRION B2100, B4100, and B4200

BIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900, 8900, 8950, 11000, and 11050

BIG-IP Virtual Edition

Enterprise Manager 3000 and 4000

Note : Systems that are licensed to run in Appliance mode on BIG-IP 10.2.1 HF3 or later are not susceptible to this vulnerability. For more information about Appliance mode, refer to K12815: Overview of Appliance mode.

The only sign that this vulnerability may have been exploited on an affected system would be the appearance of unexpected root login messages in the /var/log/secure file. However, there is no way to tell from any specific login message whether it was the result of this vulnerability. Further, it is possible for a privileged account to eliminate traces of illicit activity by modifying the log files.

Neither a strong password policy nor remote authentication helps mitigate the issue. For information about protecting your system from exploitation, refer to the Recommended Action section below.

F5 would like to acknowledge Florent Daigniere of Matta Consulting for bringing this issue to our attention, and for following the highest standards of responsible disclosure.

Impact

Privileged (root) access may be granted to unauthenticated users.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K13600.

See Also

https://support.f5.com/csp/article/K12815

https://support.f5.com/csp/article/K13600

Plugin Details

Severity: Critical

ID: 78136

File Name: f5_bigip_SOL13600.nasl

Version: 1.15

Type: local

Published: 10/10/2014

Updated: 3/10/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_wan_optimization_manager, cpe:/h:f5:big-ip, cpe:/h:f5:big-ip_protocol_security_manager

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/6/2012

Vulnerability Publication Date: 6/6/2012

Reference Information

BID: 53897