Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL25046752.NASLHistoryAug 03, 2022 - 12:00 a.m.
F5 Networks BIG-IP : Traffic Intelligence feeds vulnerability (K25046752)
2022-08-0300:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
f5 networks big-ip
traffic intelligence feeds
vulnerability
remote host
version 14.1.5
version 15.1.6.1
version 16.1.0
cve-2022-34865
nessus scanner
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
9.3
Confidence
High
EPSS
0.002
Percentile
51.7%
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5 / 15.1.6.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K25046752 advisory.
- In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2022-34865)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K25046752.
#
# @NOAGENT@
##
include('compat.inc');
if (description)
{
script_id(163767);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/03");
script_cve_id("CVE-2022-34865");
script_xref(name:"IAVA", value:"2022-A-0306-S");
script_name(english:"F5 Networks BIG-IP : Traffic Intelligence feeds vulnerability (K25046752)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5 / 15.1.6.1 / 16.1.0. It is, therefore,
affected by a vulnerability as referenced in the K25046752 advisory.
- In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic
Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential
data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not
evaluated. (CVE-2022-34865)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://my.f5.com/manage/s/article/K25046752");
script_set_attribute(attribute:"solution", value:
"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K25046752.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-34865");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/03");
script_set_attribute(attribute:"patch_publication_date", value:"2022/08/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_domain_name_system");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"F5 Networks Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
exit(0);
}
include('f5_func.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var version = get_kb_item('Host/BIG-IP/version');
if ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');
if ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');
if ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');
var sol = 'K25046752';
var vmatrix = {
'AFM': {
'affected': [
'15.1.0-15.1.6','14.1.0-14.1.4','13.1.0-13.1.5'
],
'unaffected': [
'16.1.0','15.1.6.1','14.1.5'
],
},
'APM': {
'affected': [
'15.1.0-15.1.6','14.1.0-14.1.4','13.1.0-13.1.5'
],
'unaffected': [
'16.1.0','15.1.6.1','14.1.5'
],
},
'ASM': {
'affected': [
'15.1.0-15.1.6','14.1.0-14.1.4','13.1.0-13.1.5'
],
'unaffected': [
'16.1.0','15.1.6.1','14.1.5'
],
},
'DNS': {
'affected': [
'15.1.0-15.1.6','14.1.0-14.1.4','13.1.0-13.1.5'
],
'unaffected': [
'16.1.0','15.1.6.1','14.1.5'
],
},
'GTM': {
'affected': [
'15.1.0-15.1.6','14.1.0-14.1.4','13.1.0-13.1.5'
],
'unaffected': [
'16.1.0','15.1.6.1','14.1.5'
],
},
'LTM': {
'affected': [
'15.1.0-15.1.6','14.1.0-14.1.4','13.1.0-13.1.5'
],
'unaffected': [
'16.1.0','15.1.6.1','14.1.5'
],
},
'PEM': {
'affected': [
'15.1.0-15.1.6','14.1.0-14.1.4','13.1.0-13.1.5'
],
'unaffected': [
'16.1.0','15.1.6.1','14.1.5'
],
},
'PSM': {
'affected': [
'15.1.0-15.1.6','14.1.0-14.1.4','13.1.0-13.1.5'
],
'unaffected': [
'16.1.0','15.1.6.1','14.1.5'
],
},
'WOM': {
'affected': [
'15.1.0-15.1.6','14.1.0-14.1.4','13.1.0-13.1.5'
],
'unaffected': [
'16.1.0','15.1.6.1','14.1.5'
],
}
};
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
var extra = NULL;
if (report_verbosity > 0) extra = bigip_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
}
else
{
var tested = bigip_get_tested_modules();
var audit_extra = 'For BIG-IP module(s) ' + tested + ',';
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, 'running any of the affected modules');
}
Related
cve
cve
CVE-2022-34865
2022-08-04 18:15:10
f5
f5
K25046752 : Traffic Intelligence feeds vulnerability CVE-2022-34865
2022-08-03 00:00:00
K14649763 : Overview of F5 vulnerabilities (August 2022)
2022-08-03 00:00:00
cnvd
cnvd
prion
prion
Design/Logic Flaw
2022-08-04 18:15:00
cvelist
cvelist
CVE-2022-34865 Traffic intelligence feeds vulnerability CVE-2022-34865
2022-08-04 17:48:25
nvd
nvd
CVE-2022-34865
2022-08-04 18:15:10
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
9.3
Confidence
High
EPSS
0.002
Percentile
51.7%
Related for F5_BIGIP_SOL25046752.NASL