Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL02692210.NASL
HistoryOct 27, 2017 - 12:00 a.m.

F5 Networks BIG-IP : BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability (K02692210)

2017-10-2700:00:00
This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.054

Percentile

93.2%

JSON

BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system.
(CVE-2017-6157)

Note : This vulnerability covers the scenarios that were not addressed in K35520031: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700.

F5 Technical Support has no additional information about this issue.

Impact

When this vulnerability is successfully exploited, a remote attacker may be able to modify the system configuration or extract sensitive system files.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K02692210.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(104187);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

  script_cve_id("CVE-2016-5700", "CVE-2017-6157");

  script_name(english:"F5 Networks BIG-IP : BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability (K02692210)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"BIG-IP virtual servers with a configuration using the HTTP Explicit
Proxy functionality and/or SOCKS profile are vulnerable to an
unauthenticated, remote attack that allows modification of BIG-IP
system configuration, extraction of sensitive system files, and/or
possible remote command execution on the BIG-IP system.
(CVE-2017-6157)

Note : This vulnerability covers the scenarios that were not addressed
in K35520031: BIG-IP virtual server with HTTP Explicit Proxy and/or
SOCKS vulnerability CVE-2016-5700.

F5 Technical Support has no additional information about this issue.

Impact

When this vulnerability is successfully exploited, a remote attacker
may be able to modify the system configuration or extract sensitive
system files."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K02692210"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K35520031"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K02692210."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");

  exit(0);
}


include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "K02692210";
vmatrix = make_array();

# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.5.0-11.5.4");
vmatrix["AFM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.2","11.5.5","11.4.1");

# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.5.0-11.5.4");
vmatrix["AM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.2","11.5.5","11.4.1");

# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.5.0-11.5.4");
vmatrix["APM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.2","11.5.5","11.4.1","11.2.1");

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.5.0-11.5.4");
vmatrix["ASM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.2","11.5.5","11.4.1","11.2.1");

# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.5.0-11.5.4");
vmatrix["LC"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.2","11.5.5","11.4.1","11.2.1");

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.5.0-11.5.4");
vmatrix["LTM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.2","11.5.5","11.4.1","11.2.1");

# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.5.0-11.5.4");
vmatrix["PEM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.2","11.5.5","11.4.1");


if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}

Related

f5 4
cvelist 2
nvd 2
prion 2
cve 2
openvas 1
nessus 2
f5
f5
K02692210 : BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2017-6157
2017-10-26 00:00:00
K35520031 : BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700
2016-09-28 00:00:00
SOL35520031 - BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700
2016-09-28 00:00:00
cvelist
cvelist
CVE-2017-6157
2017-10-27 14:00:00
CVE-2016-5700
2016-10-03 16:00:00
nvd
nvd
CVE-2017-6157
2017-10-27 14:29:00
CVE-2016-5700
2016-10-03 16:09:13
prion
prion
Command injection
2017-10-27 14:29:00
Design/Logic Flaw
2016-10-03 16:09:00
cve
cve
CVE-2017-6157
2017-10-27 14:29:00
CVE-2016-5700
2016-10-03 16:09:13
openvas
openvas
F5 BIG-IP - BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700
2016-10-24 00:00:00
nessus
nessus
F5 Networks BIG-IP : BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability (K35520031)
2016-10-04 00:00:00
F5 Networks BIG-IP : BIG-IP Virtual Server HTTP Explicit Proxy / SOCKS Profile RCE (SOL35520031) (uncredentialed check)
2016-10-28 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.054

Percentile

93.2%

JSON
Related for F5_BIGIP_SOL02692210.NASL
f54cvelist2nvd2prion2cve2openvas1nessus2