X.509 certificate verification was not correctly implemented in the early-access "user id" feature of the BIG-IP Advanced Firewall Manager (AFM), so on certain versions of BIG-IP the feature did not properly validate the remote server's identity. (CVE-2017-6142)
Impact
In affected BIG-IP AFM versions, the system cannot properly validate the remote server's identity, which may allow man-in-the-middle (MITM) attacks against that connection. This issue affects Network Firewall policy enforcement. Exposure depends on an experimental configuration that was deployed only with F5 technical assistance as a proof of concept.