Lucene search
F5F5:K16090HistorySep 28, 2015 - 12:00 a.m.
K16090 : BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability CVE-2014-9326
2015-09-2800:00:00
my.f5.com
81
Security Advisory Description
The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. (CVE-2014-9326)
Impact
In the scenario where DNS records for callhome.f5.com are compromised, an attacker may be able to deliver a malicious payload to the BIG-IP system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.3.0 | |
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 12.0.0 | |
| big-ip analytics | eq | 11.0.0 |
Related
cvelist
cvelist
CVE-2014-9326
2015-05-12 19:00:00
prion
prion
Code injection
2015-05-12 19:59:00
nvd
nvd
CVE-2014-9326
2015-05-12 19:59:03
f5
f5
cve
cve
CVE-2014-9326
2015-05-12 19:59:03
