Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL16090.NASLHistoryApr 30, 2015 - 12:00 a.m.
F5 Networks BIG-IP : BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability (K16090)
2015-04-3000:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
108
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
49.8%
The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.
(CVE-2014-9326)
Impact
In the scenario where DNS records for callhome.f5.com are compromised, an attacker may be able to deliver a malicious payload to the BIG-IP system.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K16090.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
if (description)
{
script_id(83148);
script_version("2.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/10");
script_cve_id("CVE-2014-9326");
script_bugtraq_id(74650);
script_name(english:"F5 Networks BIG-IP : BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability (K16090)");
script_summary(english:"Checks the BIG-IP version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"The automatic signature update functionality in the (1) Phone Home
feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link
Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM
11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0
through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly
validate server SSL certificates, which allows remote attackers to
conduct man-in-the-middle attacks via a crafted certificate.
(CVE-2014-9326)
Impact
In the scenario where DNS records for callhome.f5.com are compromised,
an attacker may be able to deliver a malicious payload to the BIG-IP
system."
);
script_set_attribute(
attribute:"see_also",
value:"https://support.f5.com/csp/article/K16090"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K16090."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/12");
script_set_attribute(attribute:"patch_publication_date", value:"2015/04/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"F5 Networks Local Security Checks");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
exit(0);
}
include("f5_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
sol = "K16090";
vmatrix = make_array();
if (report_paranoia < 2) audit(AUDIT_PARANOID);
# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected" ] = make_list("11.5.0-11.6.0");
vmatrix["AFM"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4");
# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected" ] = make_list("11.5.0-11.6.0");
vmatrix["AM"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4");
# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("11.5.0-11.6.0");
vmatrix["APM"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4");
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("10.0.0-11.6.0");
vmatrix["ASM"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.3","11.5.2HF1","11.5.1HF8");
# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("11.5.0-11.6.0");
vmatrix["AVR"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4");
# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected" ] = make_list("11.5.0-11.6.0");
vmatrix["GTM"]["unaffected"] = make_list("11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("11.5.0-11.6.0");
vmatrix["LC"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("11.5.0-11.6.0");
vmatrix["LTM"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4");
# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected" ] = make_list("11.3.0-11.6.0");
vmatrix["PEM"]["unaffected"] = make_list("12.0.0","11.5.3","11.6.0HF4","11.5.2HF1","11.5.1HF8");
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = bigip_get_tested_modules();
audit_extra = "For BIG-IP module(s) " + tested + ",";
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | cpe:/a:f5:big-ip_access_policy_manager | |
| f5 | big-ip_advanced_firewall_manager | cpe:/a:f5:big-ip_advanced_firewall_manager | |
| f5 | big-ip_application_acceleration_manager | cpe:/a:f5:big-ip_application_acceleration_manager | |
| f5 | big-ip_application_security_manager | cpe:/a:f5:big-ip_application_security_manager | |
| f5 | big-ip_application_visibility_and_reporting | cpe:/a:f5:big-ip_application_visibility_and_reporting | |
| f5 | big-ip_global_traffic_manager | cpe:/a:f5:big-ip_global_traffic_manager | |
| f5 | big-ip_link_controller | cpe:/a:f5:big-ip_link_controller | |
| f5 | big-ip_local_traffic_manager | cpe:/a:f5:big-ip_local_traffic_manager | |
| f5 | big-ip_policy_enforcement_manager | cpe:/a:f5:big-ip_policy_enforcement_manager | |
| f5 | big-ip | cpe:/h:f5:big-ip |
Related
cvelist
cvelist
CVE-2014-9326
2015-05-12 19:00:00
prion
prion
Code injection
2015-05-12 19:59:00
nvd
nvd
CVE-2014-9326
2015-05-12 19:59:03
f5
f5
cve
cve
CVE-2014-9326
2015-05-12 19:59:03
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
49.8%
Related for F5_BIGIP_SOL16090.NASL