Cryptographic issues in F5 Networks Client/Desktop applications

#VU50609 Cryptographic issues in F5 Networks Client/Desktop applications

Published: 2021-02-11

Vulnerability identifier: #VU50609

Vulnerability risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22981

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: No

Vendor: F5 Networks

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation.

Mitigation

Install updates from vendor's website.

The issue is fixed starting from 13.0.0 branch.

Vulnerable software versions

BIG-IP: 12.1.0 - 12.1.5.2, 11.6.1 - 11.6.5.2

BIG-IP LTM: 11.6.1 - 12.1.5.2

BIG-IP AAM: 11.6.1 - 12.1.5.2

BIG-IP Advanced WAF: 11.6.1 - 12.1.5.2

BIG-IP AFM: 11.6.1 - 12.1.5.2

BIG-IP Analytics: 11.6.1 - 12.1.5.2

BIG-IP APM: 11.6.1 - 12.1.5.2

BIG-IP ASM: 11.6.1 - 12.1.5.2

BIG-IP DDHD: 11.6.1 - 12.1.5.2

BIG-IP DNS: 11.6.1 - 12.1.5.2

BIG-IP FPS: 11.6.1 - 12.1.5.2

BIG-IP GTM: 11.6.1 - 12.1.5.2

BIG-IP Link Controller: 11.6.1 - 12.1.5.2

BIG-IP PEM: 11.6.1 - 12.1.5.2

BIG-IP SSLO: 11.6.1 - 12.1.5.2

External links
http://support.f5.com/csp/article/K09121542

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

MitM-attack in BIG-IP SSL/TLS implementation