F5F5:K88162221K88162221 : The BIG-IP ASM system may not properly perform signature checks on cookies
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
43.0%
Security Advisory Description
The BIG-IP ASM system may not properly perform signature checks on cookies.
This issue occurs when the following condition is met:
- You have a security policy enabled with cookie scope attack signatures.
Impact
Cookies containing malicious payload may pass through the system without logging a violation.
Symptoms
As a result of this issue, you may encounter the following symptom:
- Some attack signatures do not match a cookie with malicious content, and the system forwards the cookie to the backend hosts without logging a violation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip asm | eq | 11.6.1 | |
| big-ip asm | eq | 11.6.2 | |
| big-ip asm | eq | 11.6.3 | |
| big-ip asm | eq | 11.6.4 | |
| big-ip asm | eq | 11.6.5 | |
| big-ip asm | eq | 12.1.0 | |
| big-ip asm | eq | 12.1.1 | |
| big-ip asm | eq | 12.1.2 | |
| big-ip asm | eq | 12.1.3 | |
| big-ip asm | eq | 12.1.4 |
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
43.0%