ID OPENVAS:1361412562310107166 Type openvas Reporter Copyright (C) 2017 Greenbone Networks GmbH Modified 2020-04-03T00:00:00
Description
Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.
###############################################################################
# OpenVAS Vulnerability Test
#
# F5 BIG-IP - TMM vulnerability CVE-2016-9247
#
# Authors:
# Tameem Eissa <tameem.eissa@greenbone.net>
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/h:f5:big-ip";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.107166");
script_cve_id("CVE-2016-9247");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_version("2020-04-03T06:15:47+0000");
script_name("F5 BIG-IP - TMM vulnerability CVE-2016-9247");
script_xref(name:"URL", value:"https://support.f5.com/csp/article/K33500120");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"solution", value:"See the referenced vendor advisory for a solution.");
script_tag(name:"summary", value:"Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.");
script_tag(name:"impact", value:"An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"last_modification", value:"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)");
script_tag(name:"creation_date", value:"2017-05-17 14:28:20 +0200 (Wed, 17 May 2017)");
script_category(ACT_GATHER_INFO);
script_family("F5 Local Security Checks");
script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
script_dependencies("gb_f5_big_ip_version.nasl");
script_mandatory_keys("f5/big_ip/version", "f5/big_ip/active_modules");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
include("list_array_func.inc");
include("f5.inc");
if( ! version = get_app_version( cpe:CPE ) )
exit( 0 );
check_f5['LTM'] = make_array( 'affected', '12.1.0-12.1.1;',
'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;11.2.1;10.2.1-10.2.4;' );
check_f5['AAM'] = make_array( 'affected', '12.1.0-12.1.1;',
'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;' );
check_f5['AFM'] = make_array( 'affected', '12.1.0-12.1.1;',
'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;' );
check_f5['AVR'] = make_array( 'affected', '12.1.0-12.1.1;',
'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;11.2.1;' );
check_f5['APM'] = make_array( 'affected', '12.1.0-12.1.1;',
'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;11.2.1;10.2.1-10.2.4;' );
check_f5['ASM'] = make_array( 'affected', '12.1.0-12.1.1;',
'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;11.2.1;10.2.1-10.2.4;' );
check_f5['LC'] = make_array( 'affected', '12.1.0-12.1.1;',
'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;11.2.1;10.2.1-10.2.4;' );
check_f5['PEM'] = make_array( 'affected', '12.1.0-12.1.1;',
'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;' );
if( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {
security_message( port:0, data:report );
exit( 0 );
}
exit( 99 );
{"id": "OPENVAS:1361412562310107166", "type": "openvas", "bulletinFamily": "scanner", "title": "F5 BIG-IP - TMM vulnerability CVE-2016-9247", "description": "Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.", "published": "2017-05-17T00:00:00", "modified": "2020-04-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107166", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["https://support.f5.com/csp/article/K33500120"], "cvelist": ["CVE-2016-9247"], "lastseen": "2020-04-07T18:34:43", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-9247"]}, {"type": "f5", "idList": ["F5:K33500120"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL33500120.NASL"]}], "modified": "2020-04-07T18:34:43", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-04-07T18:34:43", "rev": 2}, "vulnersScore": 5.2}, "pluginID": "1361412562310107166", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - TMM vulnerability CVE-2016-9247\n#\n# Authors:\n# Tameem Eissa <tameem.eissa@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107166\");\n script_cve_id(\"CVE-2016-9247\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - TMM vulnerability CVE-2016-9247\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/csp/article/K33500120\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.\");\n\n script_tag(name:\"impact\", value:\"An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n\n script_tag(name:\"creation_date\", value:\"2017-05-17 14:28:20 +0200 (Wed, 17 May 2017)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '12.1.0-12.1.1;',\n 'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;11.2.1;10.2.1-10.2.4;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '12.1.0-12.1.1;',\n 'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '12.1.0-12.1.1;',\n 'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '12.1.0-12.1.1;',\n 'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;11.2.1;' );\n\ncheck_f5['APM'] = make_array( 'affected', '12.1.0-12.1.1;',\n 'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;11.2.1;10.2.1-10.2.4;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '12.1.0-12.1.1;',\n 'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;11.2.1;10.2.1-10.2.4;' );\n\ncheck_f5['LC'] = make_array( 'affected', '12.1.0-12.1.1;',\n 'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;11.2.1;10.2.1-10.2.4;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '12.1.0-12.1.1;',\n 'unaffected', '12.1.2;12.0.0;11.4.0-11.6.1;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "naslFamily": "F5 Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T06:28:13", "description": "Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.", "edition": 4, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-10T16:59:00", "title": "CVE-2016-9247", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9247"], "modified": "2017-07-27T01:29:00", "cpe": ["cpe:/a:f5:big-ip_domain_name_system:12.1.0", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.1", "cpe:/a:f5:big-ip_application_security_manager:12.1.1", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.0", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.1", "cpe:/a:f5:big-ip_domain_name_system:12.1.1", "cpe:/a:f5:big-ip_link_controller:12.1.1", "cpe:/a:f5:big-ip_websafe:12.1.0", "cpe:/a:f5:big-ip_access_policy_manager:12.1.0", "cpe:/a:f5:big-ip_analytics:12.1.1", "cpe:/a:f5:big-ip_access_policy_manager:12.1.1", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.0", "cpe:/a:f5:big-ip_websafe:12.1.1", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.1", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.1", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.0", "cpe:/a:f5:big-ip_application_security_manager:12.1.0", "cpe:/a:f5:big-ip_link_controller:12.1.0", "cpe:/a:f5:big-ip_analytics:12.1.0"], "id": "CVE-2016-9247", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9247", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:f5:big-ip_analytics:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_websafe:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_websafe:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:39:42", "bulletinFamily": "software", "cvelist": ["CVE-2016-9247"], "description": "\nF5 Product Development has assigned ID 630919 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H630919 on the **Diagnostics** > **Identified** > **High** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.1.0 - 12.1.1 | 12.1.2 \n12.0.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | High | TMM \nBIG-IP AAM | 12.1.0 - 12.1.1 | 12.1.2 \n12.0.0 \n11.4.0 - 11.6.1 | High | TMM \nBIG-IP AFM | 12.1.0 - 12.1.1 | 12.1.2 \n12.0.0 \n11.4.0 - 11.6.1 | High | TMM \nBIG-IP Analytics | 12.1.0 - 12.1.1 | 12.1.2 \n12.0.0 \n11.4.0 - 11.6.1 \n11.2.1 | High | TMM \nBIG-IP APM | 12.1.0 - 12.1.1 | 12.1.2 \n12.0.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | High | TMM \nBIG-IP ASM | 12.1.0 - 12.1.1 | 12.1.2 \n12.0.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | High | TMM \nBIG-IP DNS | 12.1.0 - 12.1.1 | 12.1.2 \n12.0.0 | High | TMM \nBIG-IP Edge Gateway | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | 12.1.0 - 12.1.1 | 12.1.2 \n12.0.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | High | TMM \nBIG-IP PEM | 12.1.0 - 12.1.1 | 12.1.2 \n12.0.0 \n11.4.0 - 11.6.1 | High | TMM \nBIG-IP PSM | None | 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP WebSafe | 12.1.0 - 12.1.1 | 12.1.2 \n12.0.0 \n11.6.0 - 11.6.1 | High | TMM \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.1.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.0.2 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone. F5 recommends removing the TCP analytics profile from the virtual server with the associated FastL4 profile.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2019-05-08T22:32:00", "published": "2016-12-16T01:20:00", "id": "F5:K33500120", "href": "https://support.f5.com/csp/article/K33500120", "title": "TMM vulnerability CVE-2016-9247", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-02-01T02:05:14", "description": "Under certain conditions for BIG-IP systems using a virtual server\nwith an associated FastL4 profile and TCP analytics profile, a\nspecific sequence of packets may cause the Traffic Management\nMicrokernel (TMM) to restart. (CVE-2016-9247)\n\nImpact\n\nAn attacker may be able to disrupt traffic or cause the BIG-IP system\nto fail over to another device in the device group.", "edition": 28, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-12-16T00:00:00", "title": "F5 Networks BIG-IP : TMM vulnerability (K33500120)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9247"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL33500120.NASL", "href": "https://www.tenable.com/plugins/nessus/95900", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K33500120.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95900);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/07/17 16:36:41\");\n\n script_cve_id(\"CVE-2016-9247\");\n\n script_name(english:\"F5 Networks BIG-IP : TMM vulnerability (K33500120)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Under certain conditions for BIG-IP systems using a virtual server\nwith an associated FastL4 profile and TCP analytics profile, a\nspecific sequence of packets may cause the Traffic Management\nMicrokernel (TMM) to restart. (CVE-2016-9247)\n\nImpact\n\nAn attacker may be able to disrupt traffic or cause the BIG-IP system\nto fail over to another device in the device group.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K33500120\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K33500120.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K33500120\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.1.0-12.1.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.2\",\"12.0.0\",\"11.4.0-11.6.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.1.0-12.1.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.2\",\"12.0.0\",\"11.4.0-11.6.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.1.0-12.1.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.2\",\"12.0.0\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.1.0-12.1.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.2\",\"12.0.0\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.1.0-12.1.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.2\",\"12.0.0\",\"11.4.0-11.6.1\",\"11.2.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.1.0-12.1.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.2\",\"12.0.0\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.1.0-12.1.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.2\",\"12.0.0\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.1.0-12.1.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.2\",\"12.0.0\",\"11.4.0-11.6.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}
