CVSS2: 4.4 Medium
Vector: AV:L/AC:M/Au:S/C:C/I:N/A:N

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | NONE |
Availability Impact | NONE |

EPSS: 0.001 Low (Percentile: 23.7%)
Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
To mitigate this vulnerability, you can use a one-time password or two-factor authentication instead of password-based authentication. For BIG-IP APM and FirePass hosts running fixed versions with default configurations, fixed client components are automatically downloaded the next time a client is authenticated.
Acknowledgements
F5 would like to acknowledge Giorgio Casali and Simone Cecchini with Verizon Enterprise Solutions GCIS Threat and Vulnerability Management for their efforts in identifying this issue, and for following the highest standards of responsible disclosure.
Supplemental Information
CPE
Name | Operator | Version |
---|---|---|
big-ip apm | le | 12.1.0 |
big-ip edge gateway | le | 11.2.1 |
firepass | le | 7.0.0 |