ID: CVE-2017-6131
Type: cve
Reporter: cve@mitre.org
Modified: 2017-07-08T01:29:00
Description
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.
{"f5": [{"lastseen": "2019-04-30T18:21:24", "bulletinFamily": "software", "cvelist": ["CVE-2017-6131"], "description": "\nF5 Product Development has assigned ID 652151 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H61757346 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 13.0.0 \n12.0.0 - 12.1.2| 13.0.0 HF2 \n12.1.2 HF1 \n11.4.0 - 11.6.1 \n11.2.1| Critical| SSH user credentials \nBIG-IP AAM| 13.0.0 \n12.0.0 - 12.1.2| 13.0.0 HF2 \n12.1.2 HF1 \n11.4.0 - 11.6.1| Critical| SSH user credentials \nBIG-IP AFM| 13.0.0 \n12.0.0 - 12.1.2| 13.0.0 HF2 \n12.1.2 HF1 \n11.4.0 - 11.6.1| Critical| SSH user credentials \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP APM| 13.0.0 \n12.0.0 - 12.1.2| 13.0.0 HF2 \n12.1.2 HF1 \n11.4.0 - 11.6.1 \n11.2.1| Critical| SSH user credentials \nBIG-IP ASM2| 13.0.0 \n12.0.0 - 12.1.2| 13.0.0 HF2 \n12.1.2 HF1 \n11.4.0 - 11.6.1 \n11.2.1| Critical| SSH user credentials \nBIG-IP DNS| 13.0.0 \n12.0.0 - 12.1.2| 13.0.0 HF2 \n12.1.2 HF1| Critical| SSH user credentials \nBIG-IP Edge Gateway| None| None| Not vulnerable1| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1| Not vulnerable1| None \nBIG-IP Link Controller| 13.0.0 \n12.0.0 - 12.1.2| 13.0.0 HF2 \n12.1.2 HF1 \n11.4.0 - 11.6.1 \n11.2.1| Critical| SSH user credentials \nBIG-IP PEM| 13.0.0 \n12.0.0 - 12.1.2| 13.0.0 HF2 \n12.1.2 HF1 \n11.4.0 - 11.6.1| Critical| SSH user credentials \nBIG-IP PSM| None| 11.4.0 - 11.4.1| Not vulnerable1| None \nBIG-IP 
WebAccelerator| None| 11.2.1| Not vulnerable1| None \nBIG-IP WebSafe| 13.0.0 \n12.0.0 - 12.1.2| 13.0.0 HF2 \n12.1.2 HF1 \n11.6.0 - 11.6.1| Critical| SSH user credentials \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.1.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None \n \n1 The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the module is not available on the Azure platform.\n\n2 F5 WAF solutions available on Azure Marketplace use a BIG-IP Best image licensed for BIG-IP LTM and ASM. This license uses a 12.x.x code base and may be affected by this vulnerability.\n\n**Note**: F5 started shipping Azure instance images in BIG-IP 12.0.0\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThere are three mitigations available for this issue.\n\n * [Changing the password for the Azure Default user created during instance creation](<https://support.f5.com/csp/article/K61757346#p1>)\n * [Deleting the Azure Default user created during instance creation](<https://support.f5.com/csp/article/K61757346#p2>)\n * [Blocking access to the SSH service using an upstream firewall](<https://support.f5.com/csp/article/K61757346#p3>)\n\nChanging the password for the Azure Default user created during instance creation\n\nBefore manually changing the password, you must determine the user name of the Azure Default user. To do so, perform the following procedure:\n\n**Important**: You must use the TMOS Shell (**tmsh**) or the Configuration utility to change the Azure Default user password. Do not attempt to reset the password using the Azure portal.\n\n 1. Log in to the Azure BIG-IP instance as the root user.\n 2. To determine the user name of the Azure Default user, type the following command: \n\ngrep \"Azure Default User\" /etc/passwd\n\nOutput appears similar to the following example:\n\nazureuser:x:0:500:Azure Default User:/home/azureuser:/bin/bash\n\nThe user name displays in the first field. In this example, the user name is **azureuser**.\n\n**Note**: The actual user name differs based on the individual configuration and the user name chosen at deployment.\n\n 3. To change the password, use the following command syntax: \n\ntmsh modify auth user <azure-default-user> prompt-for-password\n\nIn this syntax, **<azure-default-user>** is the user name determined in step 2.\n\nFor example:\n\ntmsh modify auth user azureuser prompt-for-password\n\n 4. Follow the on-screen prompts to change the password.\n 5. 
Save the configuration by typing the following command: \n\ntmsh save sys config\n\nDeleting the Azure Default user created during instance creation\n\n 1. Log in to the Azure BIG-IP instance as the root user.\n 2. To determine the user name of the Azure Default user, type the following command: \n\ngrep \"Azure Default User\" /etc/passwd\n\nOutput appears similar to the following example:\n\nazureuser:x:0:500:Azure Default User:/home/azureuser:/bin/bash\n\nThe user name displays in the first field. In this example, the user name is **azureuser**.\n\n**Note**: The actual user name differs based on the individual configuration and the user name chosen at deployment.\n\n 3. To delete the user, use the following command syntax: \n\ntmsh delete auth user <azure-default-user>\n\nIn this syntax, **<azure-default-user>** is the user name determined in step 2.\n\nFor example:\n\ntmsh delete auth user azureuser\n\n 4. Save the configuration by typing the following command: \n\ntmsh save sys config\n\nBlocking access to the SSH service using an upstream firewall\n\nThis process is specific to the customer deployment and is outside the scope of this document.\n\n * [Common Vulnerability Scoring System v3.0: Specification Document](<https://www.first.org/cvss/specification-document>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix 
matrix](<https://support.f5.com/csp/article/K9502>)\n", "edition": 1, "modified": "2017-06-30T01:20:00", "published": "2017-05-22T20:09:00", "id": "F5:K61757346", "href": "https://support.f5.com/csp/article/K61757346", "title": "BIG-IP Azure cloud vulnerability CVE-2017-6131", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-04-07T18:26:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6131"], "description": "In some circumstances, a BIG-IP Azure cloud instance may contain a default\nadministrative password which can be used to remotely log in to the BIG-IP system. The affected administrative\naccount is the Azure instance administrative user created at deployment. The root and admin accounts are not\nvulnerable.", "modified": "2020-04-03T00:00:00", "published": "2017-08-01T00:00:00", "id": "OPENVAS:1361412562310140262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140262", "type": "openvas", "title": "F5 BIG-IP Azure cloud vulnerability CVE-2017-6131", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP Azure cloud vulnerability CVE-2017-6131\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140262\");\n script_version(\"2020-04-03T06:15:47+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-01 13:20:34 +0700 (Tue, 01 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2017-6131\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"F5 BIG-IP Azure cloud vulnerability CVE-2017-6131\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"F5 Local Security Checks\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n\n script_tag(name:\"summary\", value:\"In some circumstances, a BIG-IP Azure cloud instance may contain a default\nadministrative password which can be used to remotely log in to the BIG-IP system. The affected administrative\naccount is the Azure instance administrative user created at deployment. 
The root and admin accounts are not\nvulnerable.\");\n\n script_tag(name:\"impact\", value:\"An attacker may be able to remotely access the BIG-IP system using secure\nshell (SSH).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/csp/article/K61757346\");\n\n exit(0);\n}\n\ninclude(\"f5.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\ncheck_f5['LTM'] = make_array('affected', '13.0.0;12.0.0-12.1.2;',\n 'unaffected', '13.0.0_HF2;12.1.2_HF1;11.4.0-11.6.1;11.2.1;');\n\ncheck_f5['AAM'] = make_array('affected', '13.0.0;12.0.0-12.1.2;',\n 'unaffected', '13.0.0_HF2;12.1.2 HF1;11.4.0-11.6.1;');\n\ncheck_f5['AFM'] = make_array('affected', '13.0.0;12.0.0-12.1.2;',\n 'unaffected', '13.0.0_HF2;12.1.2_HF1;11.4.0-11.6.1;');\n\ncheck_f5['APM'] = make_array('affected', '13.0.0;12.0.0-12.1.2;',\n 'unaffected', '13.0.0_HF2;12.1.2_HF1;11.4.0-11.6.1;11.2.1;');\n\ncheck_f5['ASM'] = make_array('affected', '13.0.0;12.0.0-12.1.2;',\n 'unaffected', '13.0.0_HF2;12.1.2_HF1;11.4.0-11.6.1;11.2.1;');\n\ncheck_f5['LC'] = make_array('affected', '13.0.0;12.0.0-12.1.2;',\n 'unaffected', '13.0.0_HF2;12.1.2_HF1;11.4.0-11.6.1;11.2.1;');\n\ncheck_f5['PEM'] = make_array('affected', '13.0.0;12.0.0-12.1.2;',\n 'unaffected', '13.0.0_HF2;12.1.2_HF1;11.4.0-11.6.1;');\n\nif (report = f5_is_vulnerable(ca: check_f5, version: version)) {\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T01:58:50", "description": "In some circumstances, a BIG-IP Azure cloud instance may contain a\ndefault administrative password which can be used to remotely log in\nto the 
BIG-IP system.\n\nThe affected administrative account is the Azure instance\nadministrative user created at deployment. The root and admin accounts\nare not vulnerable.\n\nThis issue only affects BIG-IP Virtual Edition (VE) Azure instances\nand Azure Web Application Firewall solutions on the Azure Marketplace.\nThis issue does not affect BIG-IP VE instances on any other cloud\nservices. All BIG-IP VE Azure instances licensed for any product are\naffected by this vulnerability, except :\n\nInstances deployed using solution templates.\n\nInstances deployed using a password rather than public key for the\nuser-defined account during provisioning.\n\nNote : For more information about deploying instances using solution\ntemplates, refer to the DevCentral Deploy BIG-IP VE in Microsoft Azure\nUsing an ARM Template article. A DevCentral login is required to\naccess this content.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-23T00:00:00", "title": "F5 Networks BIG-IP : BIG-IP Azure cloud vulnerability (K61757346)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6131"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL61757346.NASL", "href": "https://www.tenable.com/plugins/nessus/100331", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K61757346.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100331);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/07/17 16:36:41\");\n\n 
script_cve_id(\"CVE-2017-6131\");\n\n script_name(english:\"F5 Networks BIG-IP : BIG-IP Azure cloud vulnerability (K61757346)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In some circumstances, a BIG-IP Azure cloud instance may contain a\ndefault administrative password which can be used to remotely log in\nto the BIG-IP system.\n\nThe affected administrative account is the Azure instance\nadministrative user created at deployment. The root and admin accounts\nare not vulnerable.\n\nThis issue only affects BIG-IP Virtual Edition (VE) Azure instances\nand Azure Web Application Firewall solutions on the Azure Marketplace.\nThis issue does not affect BIG-IP VE instances on any other cloud\nservices. All BIG-IP VE Azure instances licensed for any product are\naffected by this vulnerability, except :\n\nInstances deployed using solution templates.\n\nInstances deployed using a password rather than public key for the\nuser-defined account during provisioning.\n\nNote : For more information about deploying instances using solution\ntemplates, refer to the DevCentral Deploy BIG-IP VE in Microsoft Azure\nUsing an ARM Template article. 
A DevCentral login is required to\naccess this content.\"\n );\n # https://devcentral.f5.com/articles/deploy-big-ip-ve-in-microsoft-azure-using-an-arm-template-26128\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ced7282b\"\n );\n # https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e9fb454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K61757346\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K61757346.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K61757346\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.0.0HF2\",\"12.1.2HF1\",\"11.4.0-11.6.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.0.0HF2\",\"12.1.2HF1\",\"11.4.0-11.6.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.0.0HF2\",\"12.1.2HF1\",\"11.4.0-11.6.1\",\"11.2.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.0.0HF2\",\"12.1.2HF1\",\"11.4.0-11.6.1\",\"11.2.1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.0.0HF2\",\"12.1.2HF1\",\"11.4.0-11.6.1\",\"11.2.1\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.0.0HF2\",\"12.1.2HF1\",\"11.4.0-11.6.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}