Code injection

2015-05-1219:59:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.8%

JSON

The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

CPENameOperatorVersion
big-ip_access_policy_managereq11.5.2
big-ip_access_policy_managereq11.5.0
big-ip_access_policy_managereq11.5.1
big-ip_access_policy_managereq11.6.0
big-ip_access_policy_managereq11.5.2
big-ip_access_policy_managereq11.5.0
big-ip_access_policy_managereq11.5.1
big-ip_access_policy_managereq11.6.0
big-ip_advanced_firewall_managereq11.5.2
big-ip_advanced_firewall_managereq11.6.0

Name	Operator	Version
big-ip_access_policy_manager	eq	11.5.2
big-ip_access_policy_manager	eq	11.5.0
big-ip_access_policy_manager	eq	11.5.1
big-ip_access_policy_manager	eq	11.6.0
big-ip_access_policy_manager	eq	11.5.2
big-ip_access_policy_manager	eq	11.5.0
big-ip_access_policy_manager	eq	11.5.1
big-ip_access_policy_manager	eq	11.6.0
big-ip_advanced_firewall_manager	eq	11.5.2
big-ip_advanced_firewall_manager	eq	11.6.0