F5 Networks BIG-IP : BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability (K16090)

medium Nessus Plugin ID 83148

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.
(CVE-2014-9326)

Impact

In the scenario where DNS records for callhome.f5.com are compromised, an attacker may be able to deliver a malicious payload to the BIG-IP system.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K16090.

See Also

https://support.f5.com/csp/article/K16090

Plugin Details

Severity: Medium

ID: 83148

File Name: f5_bigip_SOL16090.nasl

Version: 2.12

Type: local

Published: 4/30/2015

Updated: 3/10/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/29/2015

Vulnerability Publication Date: 5/12/2015

Reference Information

CVE: CVE-2014-9326

BID: 74650