ID CVE-2015-7759 Type cve Reporter cve@mitre.org Modified 2016-01-15T00:15:00
Description
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service (Traffic Management Microkernel (TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU) discovery.
{"f5": [{"lastseen": "2020-04-06T22:40:48", "bulletinFamily": "software", "cvelist": ["CVE-2015-7759"], "description": "\nF5 Product Development has assigned ID 546140 (BIG-IP) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 | 12.1.0 \n12.0.0 HF1 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Severe | TMM processing of virtual servers that use a TCP profile that has Congestion Metrics Cache enabled. \nBIG-IP AAM | 12.0.0 | 12.1.0 \n12.0.0 HF1 \n11.4.0 - 11.6.0 | Severe | TMM processing of virtual servers that use a TCP profile that has Congestion Metrics Cache enabled. \nBIG-IP AFM | 12.0.0 | 12.1.0 \n12.0.0 HF1 \n11.3.0 - 11.6.0 | Severe | TMM processing of virtual servers that use a TCP profile that has Congestion Metrics Cache enabled. \nBIG-IP Analytics | 12.0.0 | 12.1.0 \n12.0.0 HF1 \n11.0.0 - 11.6.0 | Severe | TMM processing of virtual servers that use a TCP profile that has Congestion Metrics Cache enabled. \nBIG-IP APM | 12.0.0 | 12.1.0 \n12.0.0 HF1 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Severe | TMM processing of virtual servers that use a TCP profile that has Congestion Metrics Cache enabled. \nBIG-IP ASM | 12.0.0 | 12.1.0 \n12.0.0 HF1 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Severe | TMM processing of virtual servers that use a TCP profile that has Congestion Metrics Cache enabled. \nBIG-IP DNS | None | 12.1.0 \n12.0.0 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | 12.0.0 | 12.1.0 \n12.0.0 HF1 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Severe | TMM processing of virtual servers that use a TCP profile that has Congestion Metrics Cache enabled. \nBIG-IP PEM | 12.0.0 | 12.1.0 \n12.0.0 HF1 \n11.3.0 - 11.6.0 | Severe | TMM processing of virtual servers that use a TCP profile that has Congestion Metrics Cache enabled. \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 | Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can disable the **Congestion Metrics Cache **setting (cmetrics-cache) for all TCP profiles on the BIG-IP system. To do so, use one of the following options:\n\n * Using the Configuration utility, navigate to the **Local Traffic **> **Profiles **> **Protocol **> **TCP** page and select the profile you want to edit, and clear the **Congestion Metrics Cache **check box.\n * From the command line, use the following command syntax: \n\ntmsh modify ltm profile tcp <profile_name> cmetrics-cache disabled\n\nIn the previous syntax, <**profile_name**> is the name of the tcp profile for which you are disabling **Congestion Metrics Cache**.\n\n**Impact of action:** The impact of the suggested mitigation depends on the specific environment. Disabling **Congestion Metrics Cache **in the TCP profiles may result in performance degradation, depending on network conditions. F5 recommends that you test any such changes during a maintenance window with consideration to the possible impact on your specific environment.\n\nAlternatively, if Path MTU Discovery (PMTU) functionality is not required, you could consider the following alternative actions:\n\n * Block the ICMP Type 3 Code 4 (Fragmentation Needed) packets before they reach the BIG-IP system, by using an upstream firewall or BIG-IP AFM system.\n * Block all ICMP traffic using an upstream firewall or the BIG-IP AFM system.\n\n**Important**: Blocking ICMP traffic prevents PMTU from functioning, and may impact other network services that rely on ICMP. F5 recommends that you evaluate the potential impact of blocking ICMP traffic in your environment. For information about blocking ICMP traffic with the BIG-IP AFM module, refer to the Deploying the BIG-IP Network Firewall in ADC Mode chapter of the BIG-IP Network Firewall: Policies and Implementations guide, and browse the Adding a firewall rule to deny ICMP section.\n\n**Note**: You cannot use BIG-IP packet filters to mitigate this vulnerability.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K12343: The SYN retransmission interval may vary when the Congestion Metrics Cache setting is enabled in the TCP profile](<https://support.f5.com/csp/article/K12343>)\n", "edition": 1, "modified": "2019-05-08T23:40:00", "published": "2016-01-08T04:53:00", "id": "F5:K22843911", "href": "https://support.f5.com/csp/article/K22843911", "title": "F5 Path MTU Discovery vulnerability CVE-2015-7759", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2016-09-26T17:23:24", "bulletinFamily": "software", "cvelist": ["CVE-2015-7759"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can disable the **Congestion Metrics Cache **setting (cmetrics-cache) for all TCP profiles on the BIG-IP system. To do so, use one of the following options:\n\n * Using the Configuration utility, navigate to the **Local Traffic **> **Profiles **> **Protocol **> **TCP** page and select the profile you want to edit, and clear the **Congestion Metrics Cache **check box.\n * From the command line, use the following command syntax: \n \ntmsh modify ltm profile tcp <profile_name> cmetrics-cache disabled \n \nIn the previous syntax, <**profile_name**> is the name of the tcp profile for which you are disabling **Congestion Metrics Cache**.\n\n**Impact of action:** The impact of the suggested mitigation depends on the specific environment. Disabling **Congestion Metrics Cache **in the TCP profiles may result in performance degradation, depending on network conditions. F5 recommends that you test any such changes during a maintenance window with consideration to the possible impact on your specific environment.\n\nAlternatively, if Path MTU Discovery (PMTU) functionality is not required, you could consider the following alternative actions:\n\n * Block the ICMP Type 3 Code 4 (Fragmentation Needed) packets before they reach the BIG-IP system, by using an upstream firewall or BIG-IP AFM system.\n * Block all ICMP traffic using an upstream firewall or the BIG-IP AFM system.\n**Important**: Blocking ICMP traffic prevents PMTU from functioning, and may impact other network services that rely on ICMP. F5 recommends that you evaluate the potential impact of blocking ICMP traffic in your environment. For information about blocking ICMP traffic with the BIG-IP AFM module, refer to the Deploying the BIG-IP Network Firewall in ADC Mode chapter of the BIG-IP Network Firewall: Policies and Implementations guide, and browse the Adding a firewall rule to deny ICMP section. \n \n**Note**: You cannot use BIG-IP packet filters to mitigate this vulnerability.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL12343: The SYN retransmission interval may vary when the Congestion Metrics Cache setting is enabled in the TCP profile\n", "modified": "2016-08-16T00:00:00", "published": "2016-01-07T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/22/sol22843911.html", "id": "SOL22843911", "title": "SOL22843911 - F5 Path MTU Discovery vulnerability CVE-2015-7759", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-04-07T18:44:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7759"], "description": "The remote host is missing a security patch.", "modified": "2020-04-03T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310105503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105503", "type": "openvas", "title": "F5 BIG-IP - SOL22843911 - F5 Path MTU Discovery vulnerability CVE-2015-7759", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL22843911 - F5 Path MTU Discovery vulnerability CVE-2015-7759\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105503\");\n script_cve_id(\"CVE-2015-7759\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL22843911 - F5 Path MTU Discovery vulnerability CVE-2015-7759\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/k/22/sol22843911.html\");\n\n script_tag(name:\"impact\", value:\"The BIG-IP system may temporarily fail to process traffic as it recovers from the Traffic Management Microkernel (TMM) restart, and devices configured as a high-availability pair may fail over.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A remote attacker may be able to cause the Traffic Management Microkernel (TMM) to restart using maliciously constructed ICMP packets. Virtual servers using a TCP profile configured with Congestion Metrics Cache enabled are affected by this vulnerability. Congestion Metrics Cache is enabled by default for TCP profiles.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 11:35:22 +0100 (Fri, 08 Jan 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '12.0.0;',\n 'unaffected', '12.1.0;12.0.0_HF1;11.0.0-11.6.0;10.1.0-10.2.4;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '12.0.0;',\n 'unaffected', '12.1.0;12.0.0_HF1;11.4.0-11.6.0;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '12.0.0;',\n 'unaffected', '12.1.0;12.0.0_HF1;11.3.0-11.6.0;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '12.0.0;',\n 'unaffected', '12.1.0;12.0.0_HF1;11.0.0-11.6.0;' );\n\ncheck_f5['APM'] = make_array( 'affected', '12.0.0;',\n 'unaffected', '12.1.0;12.0.0_HF1;11.0.0-11.6.0;10.1.0-10.2.4;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '12.0.0;',\n 'unaffected', '12.1.0;12.0.0_HF1;11.0.0-11.6.0;10.1.0-10.2.4;' );\n\ncheck_f5['LC'] = make_array( 'affected', '12.0.0;',\n 'unaffected', '12.1.0;12.0.0_HF1;11.0.0-11.6.0;10.1.0-10.2.4;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '12.0.0;',\n 'unaffected', '12.1.0;12.0.0_HF1;11.3.0-11.6.0;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T01:58:24", "description": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM\n12.0.0 before HF1, when the TCP profile for a virtual server is\nconfigured with Congestion Metrics Cache enabled, allow remote\nattackers to cause a denial of service (Traffic Management Microkernel\n(TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU)\ndiscovery.(CVE-2015-7759)\n\nImpact\n\nA remote attacker may be able to cause the Traffic Management\nMicrokernel (TMM) to restart using maliciously constructed ICMP\npackets.\n\nVirtual servers using a TCP profile configured with Congestion Metrics\nCache enabled are affected by this vulnerability. Congestion Metrics\nCache is enabled by default for TCP profiles.", "edition": 28, "cvss3": {"score": 3.7, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2016-01-08T00:00:00", "title": "F5 Networks BIG-IP : F5 Path MTU Discovery vulnerability (K22843911)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7759"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL22843911.NASL", "href": "https://www.tenable.com/plugins/nessus/87787", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K22843911.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87787);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/05/09 9:52:02\");\n\n script_cve_id(\"CVE-2015-7759\");\n\n script_name(english:\"F5 Networks BIG-IP : F5 Path MTU Discovery vulnerability (K22843911)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM\n12.0.0 before HF1, when the TCP profile for a virtual server is\nconfigured with Congestion Metrics Cache enabled, allow remote\nattackers to cause a denial of service (Traffic Management Microkernel\n(TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU)\ndiscovery.(CVE-2015-7759)\n\nImpact\n\nA remote attacker may be able to cause the Traffic Management\nMicrokernel (TMM) to restart using maliciously constructed ICMP\npackets.\n\nVirtual servers using a TCP profile configured with Congestion Metrics\nCache enabled are affected by this vulnerability. Congestion Metrics\nCache is enabled by default for TCP profiles.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K22843911\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K22843911.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K22843911\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.3.0-11.6.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.4.0-11.6.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.0.0-11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.3.0-11.6.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}
