Design/Logic Flaw

2019-04-1515:29:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.7%

JSON

Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms.

CPENameOperatorVersion
big-ip_access_policy_managerge12.1.2
big-ip_access_policy_managerlt12.1.4.1
big-ip_access_policy_managerge13.0.0
big-ip_access_policy_managerlt13.1.1.4
big-ip_access_policy_managerge14.0.0
big-ip_access_policy_managerlt14.1.0.2
big-ip_access_policy_managereq12.1.1 hf2
big-ip_advanced_firewall_managerge12.1.2
big-ip_advanced_firewall_managerlt12.1.4.1
big-ip_advanced_firewall_managerge13.0.0

Name	Operator	Version
big-ip_access_policy_manager	ge	12.1.2
big-ip_access_policy_manager	lt	12.1.4.1
big-ip_access_policy_manager	ge	13.0.0
big-ip_access_policy_manager	lt	13.1.1.4
big-ip_access_policy_manager	ge	14.0.0
big-ip_access_policy_manager	lt	14.1.0.2
big-ip_access_policy_manager	eq	12.1.1 hf2
big-ip_advanced_firewall_manager	ge	12.1.2
big-ip_advanced_firewall_manager	lt	12.1.4.1
big-ip_advanced_firewall_manager	ge	13.0.0

Rows per page:

1-10 of 911

References

support.f5.com/csp/article/K18535734