Lucene search
F5 Networks BIG-IP : Linux kernel vulnerability (K09604370)
🗓️ 19 Mar 2021 00:00:00Reported by This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.Type 
nessus🔗 www.tenable.com👁 87 Views
Linux kernel vulnerability allows off-path remote user to bypass UDP port randomization, impacting confidentiality and integrity
Show more
10
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K09604370.
#
# The text description of this plugin is (C) F5 Networks.
#
include('compat.inc');
if (description)
{
script_id(147905);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");
script_cve_id("CVE-2020-25705");
script_xref(name:"CEA-ID", value:"CEA-2020-0138");
script_name(english:"F5 Networks BIG-IP : Linux kernel vulnerability (K09604370)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"A flaw in the way reply ICMP packets are limited in the Linux kernel
functionality was found that allows to quickly scan open UDP ports.
This flaw allows an off-path remote user to effectively bypassing
source port UDP randomization. The highest threat from this
vulnerability is to confidentiality and possibly integrity, because
software that relies on UDP source port randomization are indirectly
affected as well. Kernel versions before 5.10 may be vulnerable to
this issue. (CVE-2020-25705)
Impact
A remote off-path attacker can determine open User Datagram Protocol
(UDP) source ports on a vulnerable system based on Internet Control
Message Protocol (ICMP) error messages, making it possible to execute
a 'SAD DNS attack.'");
script_set_attribute(attribute:"see_also", value:"https://my.f5.com/manage/s/article/K09604370");
script_set_attribute(attribute:"solution", value:
"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K09604370.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25705");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/17");
script_set_attribute(attribute:"patch_publication_date", value:"2020/12/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/19");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_domain_name_system");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"F5 Networks Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
exit(0);
}
include('f5_func.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var version = get_kb_item('Host/BIG-IP/version');
if ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');
if ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');
if ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
var sol = 'K09604370';
var vmatrix = {
'AFM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'AM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'APM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'ASM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'AVR': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'DNS': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'GTM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'LC': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'LTM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'PEM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
}
};
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
var extra = NULL;
if (report_verbosity > 0) extra = bigip_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
}
else
{
var tested = bigip_get_tested_modules();
var audit_extra = 'For BIG-IP module(s) ' + tested + ',';
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, 'running any of the affected modules');
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo19 Mar 2021 00:00Current
7.7High risk
Vulners AI Score7.7
CVSS25.8
CVSS37.4
EPSS0.00524