ID F5_BIGIP_SOL13600.NASL Type nessus Reporter Tenable Modified 2019-01-04T00:00:00
Description
A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell (SSH). The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.
The following platforms are affected by this issue :
Note : Systems that are licensed to run in Appliance mode on BIG-IP 10.2.1 HF3 or later are not susceptible to this vulnerability. For more information about Appliance mode, refer to K12815: Overview of Appliance mode.
The only sign that this vulnerability may have been exploited on an affected system would be the appearance of unexpected root login messages in the /var/log/secure file. However, there is no way to tell from any specific login message whether it was the result of this vulnerability. Further, it is possible for a privileged account to eliminate traces of illicit activity by modifying the log files.
Neither a strong password policy nor remote authentication helps mitigate the issue. For information about protecting your system from exploitation, refer to the Recommended Action section below.
F5 would like to acknowledge Florent Daigniere of Matta Consulting for bringing this issue to our attention, and for following the highest standards of responsible disclosure.
Impact
Privileged (root) access may be granted to unauthenticated users.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K13600.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
if (description)
{
script_id(78136);
script_version("1.14");
script_cvs_date("Date: 2019/01/04 10:03:40");
script_bugtraq_id(53897);
script_name(english:"F5 Networks BIG-IP : SSH vulnerability (K13600)");
script_summary(english:"Checks the BIG-IP version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"A platform-specific remote access vulnerability has been discovered
that may allow a remote user to gain privileged access to affected
systems using secure shell (SSH). The vulnerability is caused by a
configuration error, and is not the result of an underlying SSH
defect.
The following platforms are affected by this issue :
VIPRION B2100, B4100, and B4200
BIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900,
8900, 8950, 11000, and 11050
BIG-IP Virtual Edition
Enterprise Manager 3000 and 4000
Note : Systems that are licensed to run in Appliance mode on BIG-IP
10.2.1 HF3 or later are not susceptible to this vulnerability. For
more information about Appliance mode, refer to K12815: Overview of
Appliance mode.
The only sign that this vulnerability may have been exploited on an
affected system would be the appearance of unexpected root login
messages in the /var/log/secure file. However, there is no way to tell
from any specific login message whether it was the result of this
vulnerability. Further, it is possible for a privileged account to
eliminate traces of illicit activity by modifying the log files.
Neither a strong password policy nor remote authentication helps
mitigate the issue. For information about protecting your system from
exploitation, refer to the Recommended Action section below.
F5 would like to acknowledge Florent Daigniere of Matta Consulting for
bringing this issue to our attention, and for following the highest
standards of responsible disclosure.
Impact
Privileged (root) access may be granted to unauthenticated users."
);
script_set_attribute(
attribute:"see_also",
value:"https://support.f5.com/csp/article/K12815"
);
script_set_attribute(
attribute:"see_also",
value:"https://support.f5.com/csp/article/K13600"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K13600."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
script_set_attribute(attribute:"patch_publication_date", value:"2012/06/06");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"F5 Networks Local Security Checks");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
exit(0);
}
include("f5_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
sol = "K13600";
vmatrix = make_array();
if (report_paranoia < 2) audit(AUDIT_PARANOID);
# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("10.1.0-10.2.3HF1","11.0.0-11.0.0HF1","11.1.0-11.1.0HF2");
vmatrix["APM"]["unaffected"] = make_list("10.2.4","11.0.0HF2","11.1.0HF3","11.2","11.3","11.4");
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("9.2.0-9.4.8HF4","10.0.0-10.2.3HF1","11.0.0-11.0.0HF1","11.1.0-11.1.0HF2");
vmatrix["ASM"]["unaffected"] = make_list("9.4.8HF5","10.2.4","11.0.0HF2","11.1.0HF3","11.2","11.3","11.4");
# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("11.0.0-11.0.0HF1","11.1.0-11.1.0HF2");
vmatrix["AVR"]["unaffected"] = make_list("11.0.0HF2","11.1.0HF3","11.2","11.3","11.4");
# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected" ] = make_list("9.2.2-9.4.8HF4","10.0.0-10.2.3HF1","11.0.0-11.0.0HF1","11.1.0-11.1.0HF2");
vmatrix["GTM"]["unaffected"] = make_list("9.4.8HF5","10.2.4","11.0.0HF2","11.1.0HF3","11.2","11.3","11.4");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("9.2.2-9.4.8HF4","10.0.0-10.2.3HF1","11.0.0-11.0.0HF1","11.1.0-11.1.0HF2");
vmatrix["LC"]["unaffected"] = make_list("9.4.8HF5","10.2.4","11.0.0HF2","11.1.0HF3","11.2","11.3");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("9.0.0-9.4.8HF4","10.0.0-10.2.3HF1","11.0.0-11.0.0HF1","11.1.0-11.1.0HF2");
vmatrix["LTM"]["unaffected"] = make_list("9.4.8HF5","10.2.4","11.0.0HF2","11.1.0HF3","11.2","11.3","11.4");
# PSM
vmatrix["PSM"] = make_array();
vmatrix["PSM"]["affected" ] = make_list("9.4.5-9.4.8HF4","10.0.0-10.2.3HF1","11.0.0-11.0.0HF1","11.1.0-11.1.0HF2");
vmatrix["PSM"]["unaffected"] = make_list("9.4.8HF5","10.2.4","11.0.0HF2","11.1.0HF3","11.2","11.3","11.4");
# WOM
vmatrix["WOM"] = make_array();
vmatrix["WOM"]["affected" ] = make_list("10.0.0-10.2.3HF1","11.0.0-11.0.0HF1","11.1.0-11.1.0HF2");
vmatrix["WOM"]["unaffected"] = make_list("10.2.4","11.0.0HF2","11.1.0HF3","11.2","11.3");
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = bigip_get_tested_modules();
audit_extra = "For BIG-IP module(s) " + tested + ",";
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
{"id": "F5_BIGIP_SOL13600.NASL", "bulletinFamily": "scanner", "title": "F5 Networks BIG-IP : SSH vulnerability (K13600)", "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell (SSH). The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900, 8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP 10.2.1 HF3 or later are not susceptible to this vulnerability. For more information about Appliance mode, refer to K12815: Overview of Appliance mode.\n\nThe only sign that this vulnerability may have been exploited on an affected system would be the appearance of unexpected root login messages in the /var/log/secure file. However, there is no way to tell from any specific login message whether it was the result of this vulnerability. Further, it is possible for a privileged account to eliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps mitigate the issue. For information about protecting your system from exploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.", "published": "2014-10-10T00:00:00", "modified": "2019-01-04T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "reporter": "Tenable", "references": ["https://support.f5.com/csp/article/K13600", "https://support.f5.com/csp/article/K12815"], "cvelist": [], "type": "nessus", "lastseen": "2019-02-21T01:22:30", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell (SSH). The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900, 8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP 10.2.1 HF3 or later are not susceptible to this vulnerability. For more information about Appliance mode, refer to K12815: Overview of Appliance mode.\n\nThe only sign that this vulnerability may have been exploited on an affected system would be the appearance of unexpected root login messages in the /var/log/secure file. However, there is no way to tell from any specific login message whether it was the result of this vulnerability. Further, it is possible for a privileged account to eliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps mitigate the issue. For information about protecting your system from exploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.", "edition": 10, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "2214a761878246ad22fd617a3e8850292b51dd2c01d915658e5ad2dfa5a04cc5", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cd23e33df2607a7fbb3346f842e277ec", "key": "title"}, {"hash": "aa56a5421e31ef8a213cbe64cb6362a2", "key": "references"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "0f15336091ea8e5b97a1b035bc7545a3", "key": "cpe"}, {"hash": "5bbe05ed7d8208f1ae724d84472b87a6", "key": "sourceData"}, {"hash": "a3aededa0cb619537fb66503015ee624", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2018-11-29T19:37:15", "modified": "2018-11-28T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.3", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["https://support.f5.com/csp/#/article/K13600", "https://support.f5.com/csp/article/K12815"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_bugtraq_id(53897);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (K13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using secure shell (SSH). The vulnerability is caused by a\nconfiguration error, and is not the result of an underlying SSH\ndefect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900,\n8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP\n10.2.1 HF3 or later are not susceptible to this vulnerability. For\nmore information about Appliance mode, refer to K12815: Overview of\nAppliance mode.\n\nThe only sign that this vulnerability may have been exploited on an\naffected system would be the appearance of unexpected root login\nmessages in the /var/log/secure file. However, there is no way to tell\nfrom any specific login message whether it was the result of this\nvulnerability. Further, it is possible for a privileged account to\neliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps\nmitigate the issue. For information about protecting your system from\nexploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for\nbringing this issue to our attention, and for following the highest\nstandards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/#/article/K13600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K12815\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (K13600)", "type": "nessus", "viewCount": 13}, "differentElements": ["references", "modified", "sourceData"], "edition": 10, "lastseen": "2018-11-29T19:37:15"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2012-1493"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.", "edition": 4, "hash": "9ae7f3006b7d199b780247a3f6ce7d3b32e4236983d22a954e00798f09f8c7a7", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "f943653279bbd2e4ad2646eeb2001138", "key": "title"}, {"hash": "e48a79138fc58c0cb47b03f10539e521", "key": "references"}, {"hash": "4bab9bca2f5ee69def6c15d78bbcb0c4", "key": "description"}, {"hash": "1e5d5c9f371a19ff54fc183bf08db4e9", "key": "modified"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "26869e21cc249e2b92666073e35b4696", "key": "cvelist"}, {"hash": "d3d19da4457f942edcda11e3283bb2e3", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2017-03-29T03:21:04", "modified": "2017-03-28T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.2", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["http://www.nessus.org/u?612be7b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2017/03/28 13:31:42 $\");\n\n script_cve_id(\"CVE-2012-1493\");\n script_bugtraq_id(53897);\n script_osvdb_id(82780);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (SOL13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using SSH. The vulnerability is caused by a configuration\nerror, and is not the result of an underlying SSH defect.\"\n );\n # http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?612be7b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'F5 BIG-IP SSH Private Key Exposure');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (SOL13600)", "type": "nessus", "viewCount": 6}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2017-03-29T03:21:04"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2012-1493"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.", "edition": 2, "hash": "fecad4d549924651b85477cbbd31479ac0f47e7549e228edec33d8e508737385", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "f9600b7dd9d7327eb0020f532eb9fa41", "key": "sourceData"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "37224b82cfe3e55637ca5c1702ca9789", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "f943653279bbd2e4ad2646eeb2001138", "key": "title"}, {"hash": "e48a79138fc58c0cb47b03f10539e521", "key": "references"}, {"hash": "4bab9bca2f5ee69def6c15d78bbcb0c4", "key": "description"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "26869e21cc249e2b92666073e35b4696", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2016-10-31T21:26:10", "modified": "2016-10-31T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.2", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["http://www.nessus.org/u?612be7b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/10/31 13:45:41 $\");\n\n script_cve_id(\"CVE-2012-1493\");\n script_bugtraq_id(53897);\n script_osvdb_id(82780);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (SOL13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using SSH. The vulnerability is caused by a configuration\nerror, and is not the result of an underlying SSH defect.\"\n );\n # http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?612be7b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'F5 BIG-IP SSH Private Key Exposure');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (SOL13600)", "type": "nessus", "viewCount": 6}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2016-10-31T21:26:10"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2012-1493"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.", "edition": 5, "hash": "c7daebd261e553ca2c924cc4aae92a731cf6ebd134cadf8d96f093ba0a5e0635", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "bb6b0fc7b64d17d15f06a6745e0fb713", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "f943653279bbd2e4ad2646eeb2001138", "key": "title"}, {"hash": "e48a79138fc58c0cb47b03f10539e521", "key": "references"}, {"hash": "57d6154f106b7ee99a09de1535c33f3b", "key": "sourceData"}, {"hash": "4bab9bca2f5ee69def6c15d78bbcb0c4", "key": "description"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "26869e21cc249e2b92666073e35b4696", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2017-03-30T21:44:27", "modified": "2017-03-30T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.2", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["http://www.nessus.org/u?612be7b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/03/30 13:31:42 $\");\n\n script_cve_id(\"CVE-2012-1493\");\n script_bugtraq_id(53897);\n script_osvdb_id(82780);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (SOL13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using SSH. The vulnerability is caused by a configuration\nerror, and is not the result of an underlying SSH defect.\"\n );\n # http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?612be7b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'F5 BIG-IP SSH Private Key Exposure');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (SOL13600)", "type": "nessus", "viewCount": 6}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2017-03-30T21:44:27"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "cvelist": ["CVE-2012-1493"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.", "edition": 7, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "f0a6ee91b2243957d85abf93ffaeca69de4cb445c84b45e03d360d13b7342bb9", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "55ad1d210e0f5f77555bd264ac4f3f87", "key": "modified"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "f943653279bbd2e4ad2646eeb2001138", "key": "title"}, {"hash": "e48a79138fc58c0cb47b03f10539e521", "key": "references"}, {"hash": "4bab9bca2f5ee69def6c15d78bbcb0c4", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "a2a454a67de0f35b8480487e167e3b45", "key": "sourceData"}, {"hash": "0f15336091ea8e5b97a1b035bc7545a3", "key": "cpe"}, {"hash": "26869e21cc249e2b92666073e35b4696", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2017-10-29T13:42:12", "modified": "2017-04-03T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.3", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["http://www.nessus.org/u?612be7b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2017/04/03 14:49:09 $\");\n\n script_cve_id(\"CVE-2012-1493\");\n script_bugtraq_id(53897);\n script_osvdb_id(82780);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (SOL13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using SSH. The vulnerability is caused by a configuration\nerror, and is not the result of an underlying SSH defect.\"\n );\n # http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?612be7b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'F5 BIG-IP SSH Private Key Exposure');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (SOL13600)", "type": "nessus", "viewCount": 9}, "differentElements": ["cvss", "references", "description", "cvelist", "modified", "sourceData", "title"], "edition": 7, "lastseen": "2017-10-29T13:42:12"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell (SSH). The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900, 8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP 10.2.1 HF3 or later are not susceptible to this vulnerability. For more information about Appliance mode, refer to K12815: Overview of Appliance mode.\n\nThe only sign that this vulnerability may have been exploited on an affected system would be the appearance of unexpected root login messages in the /var/log/secure file. However, there is no way to tell from any specific login message whether it was the result of this vulnerability. Further, it is possible for a privileged account to eliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps mitigate the issue. For information about protecting your system from exploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.", "edition": 11, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "5efbeaf6e17f96708d9989a42033b3db17e994ec8a6538112a4e83e2f1011441", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cd23e33df2607a7fbb3346f842e277ec", "key": "title"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "20b353d8ba2a98b2825be3dfb021c6d5", "key": "modified"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "0f15336091ea8e5b97a1b035bc7545a3", "key": "cpe"}, {"hash": "0837298596526a7778d5e243add39a30", "key": "references"}, {"hash": "e98c1b37cbbb41fc6b95e7ba3d308a2c", "key": "sourceData"}, {"hash": "a3aededa0cb619537fb66503015ee624", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2019-01-05T02:26:16", "modified": "2019-01-04T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.3", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["https://support.f5.com/csp/article/K13600", "https://support.f5.com/csp/article/K12815"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_bugtraq_id(53897);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (K13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using secure shell (SSH). The vulnerability is caused by a\nconfiguration error, and is not the result of an underlying SSH\ndefect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900,\n8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP\n10.2.1 HF3 or later are not susceptible to this vulnerability. For\nmore information about Appliance mode, refer to K12815: Overview of\nAppliance mode.\n\nThe only sign that this vulnerability may have been exploited on an\naffected system would be the appearance of unexpected root login\nmessages in the /var/log/secure file. However, there is no way to tell\nfrom any specific login message whether it was the result of this\nvulnerability. Further, it is possible for a privileged account to\neliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps\nmitigate the issue. For information about protecting your system from\nexploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for\nbringing this issue to our attention, and for following the highest\nstandards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K12815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K13600\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (K13600)", "type": "nessus", "viewCount": 13}, "differentElements": ["description"], "edition": 11, "lastseen": "2019-01-05T02:26:16"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2012-1493"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.", "edition": 6, "enchantments": {}, "hash": "958d0686e34a2ba82173e36446255d179c5cfe2ff7a7b1246f11fb7effc2bb0e", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "55ad1d210e0f5f77555bd264ac4f3f87", "key": "modified"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "f943653279bbd2e4ad2646eeb2001138", "key": "title"}, {"hash": "e48a79138fc58c0cb47b03f10539e521", "key": "references"}, {"hash": "4bab9bca2f5ee69def6c15d78bbcb0c4", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "a2a454a67de0f35b8480487e167e3b45", "key": "sourceData"}, {"hash": "26869e21cc249e2b92666073e35b4696", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2017-04-03T21:44:42", "modified": "2017-04-03T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.2", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["http://www.nessus.org/u?612be7b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2017/04/03 14:49:09 $\");\n\n script_cve_id(\"CVE-2012-1493\");\n script_bugtraq_id(53897);\n script_osvdb_id(82780);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (SOL13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using SSH. The vulnerability is caused by a configuration\nerror, and is not the result of an underlying SSH defect.\"\n );\n # http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?612be7b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'F5 BIG-IP SSH Private Key Exposure');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (SOL13600)", "type": "nessus", "viewCount": 8}, "differentElements": ["cpe"], "edition": 6, "lastseen": "2017-04-03T21:44:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell (SSH). The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900, 8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP 10.2.1 HF3 or later are not susceptible to this vulnerability. For more information about Appliance mode, refer to K12815: Overview of Appliance mode.\n\nThe only sign that this vulnerability may have been exploited on an affected system would be the appearance of unexpected root login messages in the /var/log/secure file. However, there is no way to tell from any specific login message whether it was the result of this vulnerability. Further, it is possible for a privileged account to eliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps mitigate the issue. For information about protecting your system from exploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.", "edition": 8, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a6a5080871fd771a0b0adf122ed331322bec48a54bb536401c9dc3b721d882ae", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cd23e33df2607a7fbb3346f842e277ec", "key": "title"}, {"hash": "aa56a5421e31ef8a213cbe64cb6362a2", "key": "references"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "b5a80f76c78e114049073d8b791f173e", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "f278f0d5006445f9aae9927776777abe", "key": "sourceData"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "0f15336091ea8e5b97a1b035bc7545a3", "key": "cpe"}, {"hash": "a3aededa0cb619537fb66503015ee624", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2018-06-21T20:02:08", "modified": "2018-06-19T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.3", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["https://support.f5.com/csp/#/article/K13600", "https://support.f5.com/csp/article/K12815"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/06/19 13:03:24\");\n\n script_bugtraq_id(53897);\n script_osvdb_id(82780);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (K13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using secure shell (SSH). The vulnerability is caused by a\nconfiguration error, and is not the result of an underlying SSH\ndefect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900,\n8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP\n10.2.1 HF3 or later are not susceptible to this vulnerability. For\nmore information about Appliance mode, refer to K12815: Overview of\nAppliance mode.\n\nThe only sign that this vulnerability may have been exploited on an\naffected system would be the appearance of unexpected root login\nmessages in the /var/log/secure file. However, there is no way to tell\nfrom any specific login message whether it was the result of this\nvulnerability. Further, it is possible for a privileged account to\neliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps\nmitigate the issue. For information about protecting your system from\nexploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for\nbringing this issue to our attention, and for following the highest\nstandards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/#/article/K13600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K12815\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'F5 BIG-IP SSH Private Key Exposure');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (K13600)", "type": "nessus", "viewCount": 10}, "differentElements": ["modified", "sourceData"], "edition": 8, "lastseen": "2018-06-21T20:02:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using secure shell (SSH). The vulnerability is caused by a\nconfiguration error, and is not the result of an underlying SSH\ndefect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900,\n8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP\n10.2.1 HF3 or later are not susceptible to this vulnerability. For\nmore information about Appliance mode, refer to K12815: Overview of\nAppliance mode.\n\nThe only sign that this vulnerability may have been exploited on an\naffected system would be the appearance of unexpected root login\nmessages in the /var/log/secure file. However, there is no way to tell\nfrom any specific login message whether it was the result of this\nvulnerability. Further, it is possible for a privileged account to\neliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps\nmitigate the issue. For information about protecting your system from\nexploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for\nbringing this issue to our attention, and for following the highest\nstandards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.", "edition": 12, "enchantments": {"dependencies": {"modified": "2019-01-16T20:19:49", "references": []}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "e38fa9dee96c5b327280df4776796e4c4b000798453367b596dcf4848fe56892", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cd23e33df2607a7fbb3346f842e277ec", "key": "title"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "20b353d8ba2a98b2825be3dfb021c6d5", "key": "modified"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "99de5fd4957a0154ef5f90be1d4fd2e9", "key": "description"}, {"hash": "0f15336091ea8e5b97a1b035bc7545a3", "key": "cpe"}, {"hash": "0837298596526a7778d5e243add39a30", "key": "references"}, {"hash": "e98c1b37cbbb41fc6b95e7ba3d308a2c", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2019-01-16T20:19:49", "modified": "2019-01-04T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.3", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["https://support.f5.com/csp/article/K13600", "https://support.f5.com/csp/article/K12815"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_bugtraq_id(53897);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (K13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using secure shell (SSH). The vulnerability is caused by a\nconfiguration error, and is not the result of an underlying SSH\ndefect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900,\n8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP\n10.2.1 HF3 or later are not susceptible to this vulnerability. For\nmore information about Appliance mode, refer to K12815: Overview of\nAppliance mode.\n\nThe only sign that this vulnerability may have been exploited on an\naffected system would be the appearance of unexpected root login\nmessages in the /var/log/secure file. However, there is no way to tell\nfrom any specific login message whether it was the result of this\nvulnerability. Further, it is possible for a privileged account to\neliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps\nmitigate the issue. For information about protecting your system from\nexploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for\nbringing this issue to our attention, and for following the highest\nstandards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K12815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K13600\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (K13600)", "type": "nessus", "viewCount": 15}, "differentElements": ["description"], "edition": 12, "lastseen": "2019-01-16T20:19:49"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2012-1493"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.", "edition": 1, "hash": "fc42976b4e71b81195b323dea30fe17c59b1a1208dc43f713dee813dbb7804ce", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "30f8a3cd16450f4fae9f6381156dd10d", "key": "modified"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "f943653279bbd2e4ad2646eeb2001138", "key": "title"}, {"hash": "e48a79138fc58c0cb47b03f10539e521", "key": "references"}, {"hash": "67021120b7e68fa9cd3338f21a890ec5", "key": "sourceData"}, {"hash": "4bab9bca2f5ee69def6c15d78bbcb0c4", "key": "description"}, {"hash": "bd3952b3be9545211626e577575b61c1", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "26869e21cc249e2b92666073e35b4696", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2016-09-26T17:25:44", "modified": "2016-05-20T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.2", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["http://www.nessus.org/u?612be7b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/05/20 13:54:16 $\");\n\n script_cve_id(\"CVE-2012-1493\");\n script_bugtraq_id(53897);\n script_osvdb_id(82780);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (SOL13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using SSH. The vulnerability is caused by a configuration\nerror, and is not the result of an underlying SSH defect.\"\n );\n # http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?612be7b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'F5 BIG-IP SSH Private Key Exposure');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:protocol_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (SOL13600)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:25:44"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2012-1493"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.", "edition": 3, "hash": "6a94ad84f3089fa7fa7dbaa4010dcc7e366a1b947bc2fb57a7e2bdc565e5e066", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b05a32ad6da801a2fe39bcfc1c4dbcc0", "key": "modified"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "f943653279bbd2e4ad2646eeb2001138", "key": "title"}, {"hash": "e48a79138fc58c0cb47b03f10539e521", "key": "references"}, {"hash": "4641272e51a74d9c1389f45e92ca2e78", "key": "sourceData"}, {"hash": "4bab9bca2f5ee69def6c15d78bbcb0c4", "key": "description"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "26869e21cc249e2b92666073e35b4696", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2017-03-28T01:20:38", "modified": "2017-03-27T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.2", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["http://www.nessus.org/u?612be7b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2017/03/27 13:24:14 $\");\n\n script_cve_id(\"CVE-2012-1493\");\n script_bugtraq_id(53897);\n script_osvdb_id(82780);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (SOL13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using SSH. The vulnerability is caused by a configuration\nerror, and is not the result of an underlying SSH defect.\"\n );\n # http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?612be7b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'F5 BIG-IP SSH Private Key Exposure');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (SOL13600)", "type": "nessus", "viewCount": 6}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-03-28T01:20:38"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell (SSH). The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900, 8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP 10.2.1 HF3 or later are not susceptible to this vulnerability. For more information about Appliance mode, refer to K12815: Overview of Appliance mode.\n\nThe only sign that this vulnerability may have been exploited on an affected system would be the appearance of unexpected root login messages in the /var/log/secure file. However, there is no way to tell from any specific login message whether it was the result of this vulnerability. Further, it is possible for a privileged account to eliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps mitigate the issue. For information about protecting your system from exploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.", "edition": 9, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "aa9740502c2d087b86310ea5dc2d4445c5eef6dbcd55c3a365762c75cc04b1f7", "hashmap": [{"hash": "bdb08e0bcf44481460bf76084a48d27e", "key": "published"}, {"hash": "83c4c44108e0926c93e70fe0cd4625df", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "cd23e33df2607a7fbb3346f842e277ec", "key": "title"}, {"hash": "aa56a5421e31ef8a213cbe64cb6362a2", "key": "references"}, {"hash": "6f0db2b292e056363ee8eeede15a171f", "key": "href"}, {"hash": "63329048f010c87d85370bb01ea70b93", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2dcf3faa111f9fea4396c3dc793c3a6f", "key": "pluginID"}, {"hash": "fb2005932145ec17d153900a05862b6d", "key": "naslFamily"}, {"hash": "0f15336091ea8e5b97a1b035bc7545a3", "key": "cpe"}, {"hash": "a3aededa0cb619537fb66503015ee624", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78136", "id": "F5_BIGIP_SOL13600.NASL", "lastseen": "2018-08-10T17:23:53", "modified": "2018-08-08T00:00:00", "naslFamily": "F5 Networks Local Security Checks", "objectVersion": "1.3", "pluginID": "78136", "published": "2014-10-10T00:00:00", "references": ["https://support.f5.com/csp/#/article/K13600", "https://support.f5.com/csp/article/K12815"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/08 12:52:14\");\n\n script_bugtraq_id(53897);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (K13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using secure shell (SSH). The vulnerability is caused by a\nconfiguration error, and is not the result of an underlying SSH\ndefect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900,\n8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP\n10.2.1 HF3 or later are not susceptible to this vulnerability. For\nmore information about Appliance mode, refer to K12815: Overview of\nAppliance mode.\n\nThe only sign that this vulnerability may have been exploited on an\naffected system would be the appearance of unexpected root login\nmessages in the /var/log/secure file. However, there is no way to tell\nfrom any specific login message whether it was the result of this\nvulnerability. Further, it is possible for a privileged account to\neliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps\nmitigate the issue. For information about protecting your system from\nexploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for\nbringing this issue to our attention, and for following the highest\nstandards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/#/article/K13600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K12815\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "title": "F5 Networks BIG-IP : SSH vulnerability (K13600)", "type": "nessus", "viewCount": 11}, "differentElements": ["modified", "sourceData"], "edition": 9, "lastseen": "2018-08-10T17:23:53"}], "edition": 13, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "0f15336091ea8e5b97a1b035bc7545a3"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "a3aededa0cb619537fb66503015ee624"}, {"key": "href", "hash": "6f0db2b292e056363ee8eeede15a171f"}, {"key": "modified", "hash": "20b353d8ba2a98b2825be3dfb021c6d5"}, {"key": "naslFamily", "hash": "fb2005932145ec17d153900a05862b6d"}, {"key": "pluginID", "hash": "2dcf3faa111f9fea4396c3dc793c3a6f"}, {"key": "published", "hash": "bdb08e0bcf44481460bf76084a48d27e"}, {"key": "references", "hash": "0837298596526a7778d5e243add39a30"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "e98c1b37cbbb41fc6b95e7ba3d308a2c"}, {"key": "title", "hash": "cd23e33df2607a7fbb3346f842e277ec"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "5efbeaf6e17f96708d9989a42033b3db17e994ec8a6538112a4e83e2f1011441", "viewCount": 21, "enchantments": {"dependencies": {"references": [], "modified": "2019-02-21T01:22:30"}, "score": {"value": -0.0, "vector": "NONE", "modified": "2019-02-21T01:22:30"}, "vulnersScore": -0.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K13600.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78136);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_bugtraq_id(53897);\n\n script_name(english:\"F5 Networks BIG-IP : SSH vulnerability (K13600)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A platform-specific remote access vulnerability has been discovered\nthat may allow a remote user to gain privileged access to affected\nsystems using secure shell (SSH). The vulnerability is caused by a\nconfiguration error, and is not the result of an underlying SSH\ndefect.\n\nThe following platforms are affected by this issue :\n\nVIPRION B2100, B4100, and B4200\n\nBIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900,\n8900, 8950, 11000, and 11050\n\nBIG-IP Virtual Edition\n\nEnterprise Manager 3000 and 4000\n\nNote : Systems that are licensed to run in Appliance mode on BIG-IP\n10.2.1 HF3 or later are not susceptible to this vulnerability. For\nmore information about Appliance mode, refer to K12815: Overview of\nAppliance mode.\n\nThe only sign that this vulnerability may have been exploited on an\naffected system would be the appearance of unexpected root login\nmessages in the /var/log/secure file. However, there is no way to tell\nfrom any specific login message whether it was the result of this\nvulnerability. Further, it is possible for a privileged account to\neliminate traces of illicit activity by modifying the log files.\n\nNeither a strong password policy nor remote authentication helps\nmitigate the issue. For information about protecting your system from\nexploitation, refer to the Recommended Action section below.\n\nF5 would like to acknowledge Florent Daigniere of Matta Consulting for\nbringing this issue to our attention, and for following the highest\nstandards of responsible disclosure.\n\nImpact\n\nPrivileged (root) access may be granted to unauthenticated users.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K12815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K13600\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K13600.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K13600\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8HF4\",\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9.4.8HF5\",\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\",\"11.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.3HF1\",\"11.0.0-11.0.0HF1\",\"11.1.0-11.1.0HF2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.4\",\"11.0.0HF2\",\"11.1.0HF3\",\"11.2\",\"11.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "naslFamily": "F5 Networks Local Security Checks", "pluginID": "78136", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "scheme": null}
