F5 BIG-IP Web Management Interface Version

🗓️ 11 Feb 2008 00:00:00Reported by TenableType
The remote web server is a web management interface running an F5 BIG-IP version
Source	Link
f5	www.f5.com/products/big-ip-services
#TRUSTED ae40d95c6742b296b58a2a493f5359c56d2ee877145bd4b6eca651f9c172017303c4ef4ef302d145b3fc9d5d0010bf7467a32b37262c13056a67b4501eb25d3580cdeab138758f4b0e0c22b96000e351f7aba94166a3211a2938583bfc35df8639b75da74ccc29cc4a966686a5498d1781c1acd30098bb2d9f5870844e83c555f08feadf206d3f5e30ff60ab9a1768989e19c320677eb01c94f05baf2ec87d815a951f1d72c84b1c497d5ea7864c7c0bfa2b800265ef0c9983b725a2ab98c8902f4697de07963afd6f8745597ad354494c51e486e4b5f4ef6eed3f7d73c4a2266a9dd87a21ba4ba10e103a6feb658e35e8c76f736073923a4a31cfbc07bd0d4bac29eeb68e1aef56ba6443a0d591efef226f25e22f6eeecae731b8a71ad7ea30832ea26efbeb80d90b64adfec6db6bbc2e5b292734412501bf147acbe1e19523fdc8f51d8693085300336c3b40217baa6b7dafadc20a55e32af5ffa0def48f00d66883fbe82fb6c5f1f2abc42a5961ad386424a9c2f28b5167ffe795df7acfb6ade0b4354a8938081670d5b1bc1e3ca99a3f6b07a2f5fdc0ce08164f70a0d179054c81ff8f49f72523694056d67325bb09b0459f11a7e1c99f23ae8c3f6a11f015f757b447d38e3069f914ab4bdad1925e389f3cf3ff485054226cde95aedaa6d22d6ceae1988f0c7cf85db12a37dbb56ed2428a92789558402e566a47e9ae2c
#TRUST-RSA-SHA256 a79ba8dbb43bbec7cb6801f27b4b902cec0c49f52260be49058f6ad5e670d6d96f732cec2c61e96d215cf56e38ba4d7cec2cd53b65726c3a478011bfb4f5c333e4cf22e88cc08c6e076885c87ff029c86a137fd806c22aaeef25fbb98c6b911effef2c4652aec0c42044157078770a7bc33d804228a1457d66cf2ca1725cefdb423cb310b258f11251fb187dd8cc2e3d8fb3e95237d9b9883adc31cb5095ca59c039d6fa8e19d686b1da80f9e65ac59b50c0684d566b96f797612432441b9eee66f14f7aa5b47509b1b46748b06a82a151e6d6a1e8fc47a150ab3421ad9fda6b1e3786f28ba55c50bbc9fcbbdce5231748c830656a68c970552e963613fecc0642df8e52a8d9b4c99df9d1fdf3e0b9cbf56af71edff49b0c38863aec3a71afab230907f42f4e229f54e60a13f0011d86a88064375ae20a2397aaf3c83744449c3b6429d7ddd53bbbf1381d98155efe13e12b924e5d63f2f2dad799924ba3ab1c7151196fbe6467eda6492719734fbfed9a05312336e7df4baae147695da24c20225e835c306fd5229da71dffa8676b5198cfb24cb7c4bcb24e928eca7bf4369d5ecdf20745c8fc97bf553a0e20729204d6d5d8ed8ab7b7fb1b7c837cd8514c0772be1ce1129aebc8e57ec8597ef1a5c7daf2e6708571e8d7f5095bde39e2a40e26ba567ae92ef6f0aead5c0e1a934f565c26a829ff7dc0b3c4336754b76951b2
# bigip_web_version.nasl
#
# History:
#
# 1.00, 12/2/07
# - Initial release

# Changes by Tenable:
# - Revised plugin title, family change (9/1/09)


include("compat.inc");

if (description)
{
  script_id(30216);
  script_version("1.14");

  script_name(english:"F5 BIG-IP Web Management Interface Version");

  script_set_attribute(attribute:"synopsis", value:
      "The remote web server is a web management interface." );
  script_set_attribute(attribute:"description", value:
      "An F5 BIG-IP web management interface is running on this port, and
      Nessus has determined its software version.
      Note. HTTP credentials are required to retrieve version information." );
  script_set_attribute(attribute:"see_also", value:"https://www.f5.com/products/big-ip-services" );
  script_set_attribute(attribute:"risk_factor", value:"None" );
  script_set_attribute(attribute:"solution", value:"n/a" );

  script_summary(english:"Tests for F5 BIG-IP web interface version");
  script_family(english:"CGI abuses");
  script_set_attribute(attribute:"plugin_publication_date", value: "2008/02/11");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/24");
  script_set_attribute(attribute:"asset_inventory", value:"True");
  script_set_attribute(attribute:"asset_inventory_category", value:"software_enumeration");
  script_set_attribute(attribute:"hardware_inventory", value:"True");
  script_set_attribute(attribute:"os_identification", value:"True");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("bigip_web_detect.nasl","http_login.nasl");
  script_require_keys("www/bigip");
  script_require_ports("Services/www",443);
  exit(0);
}


include('http.inc');
include("misc_func.inc");
include("install_func.inc");

if (!get_kb_item("www/bigip")) exit(0, "BIG-IP was not detected on this host.");

var port = get_http_port(default:443, embedded:TRUE);

if (!get_tcp_port_state(port))
  exit(0, "Port "+port+" is closed.");
if (!get_kb_item("www/"+port+"/bigip"))
  exit(0, "BIG-IP is not running on port "+port+".");

var app_name = 'F5 BIG-IP';
var username, password;

var F5_SECRET = 'Secret/F5';
var KB_USERNAME_NAME = F5_SECRET + "/Username";
var KB_PASS_NAME = F5_SECRET + "/Password";
var KB_PORT_NAME = F5_SECRET + "/port";

if (get_kb_item(KB_USERNAME_NAME) && get_kb_item(KB_PASS_NAME))
{
  username = get_kb_item(KB_USERNAME_NAME);
  password = get_kb_item(KB_PASS_NAME);
  if (get_kb_item(KB_PORT_NAME))
  {
    port = get_kb_item(KB_PORT_NAME);
  }
}
else
{
  username = get_kb_item(http::KB_USERNAME);
  password = get_kb_item(http::KB_PASSWORD);
}


if (!username || !password)
  audit(app_name, AUDIT_MISSING_CREDENTIALS);

# login before retrieving version info in the next step
var res = http::form_login(
  port:port,
  method:'POST',
  login_page:'/tmui/login.jsp',
  form:'/tmui/logmein.html?',
  fields:strcat('username=',username,'&passwd=',password),
  save_cookies:TRUE,
  follow_redirect:1,
  check_page:'/xui',
  regex:"service_indicator_banner"
);

if (!res) exit(1, 'Login to BIG-IP web interface failed on port ', port);

# retrieve version info from the following resource
var version_uri = "/tmui/Control/jspmap/tmui/system/device/properties_general.jsp";
res = http::get_response(
  port:port,
  method:'GET',
  item:version_uri
);

if ('200 OK' >!< res[0])
{
  dbg::detailed_log(
    src:SCRIPT_NAME,
    lvl:2,
    msg:'HTTP Response details.',
    msg_details:
      {
        'HTTP Response Code': {'lvl':2, 'value':res[0]},
        'HTTP Headers': {'lvl':2, 'value':res[3]},
        'HTTP Body': {'lvl': 2, value:res[2]}
      }
  );
  exit(1, 'Failed to retrieve BIG-IP version info');
}

# this pattern works for older versions
var match = pregmatch(pattern:'title=["\']BIG-IP ([^"\']+)', string:res[2]);
var version = UNKNOWN_VER;
if (match)
{
  version = match[1];
}
else
{
  # BIG-IP 17.5.1.3 Build 0.0.19 Point Release 3
  var pattern = "BIG-IP\s+([\d.]+)\s+Build\s+[\d.]+\s+Point Release";
  match = pregmatch(string:res[2], pattern:pattern);
  if (match) version = match[1];
}

replace_kb_item(name:strcat('www/', port, '/bigip/version'), value:version);

register_install(
  vendor: 'F5',
  product: 'BIG-IP',
  app_name: app_name,
  path: '/',
  version: version,
  webapp: TRUE,
  port: port,
  cpe: 'cpe:/h:f5:big-ip'
);

report_installs(app_name: app_name, port: port);
24 Nov 2025 00:00Current
5.5Medium risk
Vulners AI Score5.5