SB2018051735 - Multiple vulnerabilities in F5 BIG-IP
Published: May 17, 2018 Updated: May 22, 2018
Description
This security bulletin contains information about 8 vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2017-6143)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists because X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, so the remote server's identity is not properly validated. A remote attacker can gain access to potentially sensitive information.
2) Improper input validation (CVE-ID: CVE-2017-6156)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green
The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.
The weakness exists due to improper input validation when the system is configured with a wildcard IPSec tunnel endpoint. A remote attacker can disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations.
3) Improper resource shutdown (CVE-ID: CVE-2017-6148)
CWE-ID: CWE-404 - Improper Resource Shutdown or Release
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to responses to SOCKS proxy requests made through the BIG-IP system. A remote attacker can cause the service to crash.
4) Improper resource shutdown (CVE-ID: CVE-2018-5507)
CWE-ID: CWE-404 - Improper Resource Shutdown or Release
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The weakness exists due to incorrect decryption of ciphertext from established SSL sessions with small MTU. An adjacent attacker can cause the service to crash.
5) Brute-force attack (CVE-ID: CVE-2018-5506)
CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists in the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp due to handling of invalid IP addresses. A remote attacker can brute-force the em_server_ip authorization parameter to learn which SSL client certificates are used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices.
6) Command injection (CVE-ID: CVE-2018-5511)
CWE-ID: CWE-77 - Command injection
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists in the Traffic Management User Interface due to command injection. A remote attacker can execute arbitrary commands with root privileges.
7) Data handling (CVE-ID: CVE-2018-5508)
CWE-ID: CWE-19 - Data Handling
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in TMM due to processing compressed data through a Virtual Server with an associated PEM profile using the content insertion option. A remote attacker can cause the service to crash.
8) Data handling (CVE-ID: CVE-2017-6158)
CWE-ID: CWE-19 - Data Handling
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in TMM due to handling of invalid IP addresses. A remote attacker can cause the service to crash.
Remediation
Install the update from the vendor's website.
References
- https://support.f5.com/csp/article/K11464209
- https://support.f5.com/csp/article/K05263202
- https://support.f5.com/csp/article/K55225440
- https://support.f5.com/csp/article/K52521791
- https://support.f5.com/csp/article/K65355492
- https://support.f5.com/csp/article/K30500703
- https://support.f5.com/csp/article/K10329515
- https://support.f5.com/csp/article/K19361245