F5 Networks BIG-IP : BIG-IP Virtual Server HTTP Explicit Proxy / SOCKS Profile RCE (SOL35520031) (uncredentialed check)

critical Nessus Plugin ID 94408

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The BIG-IP virtual server running on the remote host is affected by a remote command execution vulnerability. The issue exists in virtual servers that are configured to use the HTTP Explicit Proxy functionality and/or a SOCKS profile. An unauthenticated, remote attacker can exploit this vulnerability to modify the BIG-IP system configuration, disclose sensitive system files, or possibly execute arbitrary commands.

Note that this plugin only checks HTTP profiles in explicit proxy mode and may not detect the vulnerability when only a SOCKS profile is assigned to the virtual server.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution SOL35520031.

See Also

http://support.f5.com/kb/en-us/solutions/public/k/35/sol35520031.html

Plugin Details

Severity: Critical

ID: 94408

File Name: f5_bigip_SOL35520031_remote.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 10/28/2016

Updated: 11/14/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-5700

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_websafe

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 9/28/2016

Vulnerability Publication Date: 9/28/2016

Reference Information

CVE: CVE-2016-5700

BID: 93325