#VU8920 Man-in-the-middle attack in BIG-IP PEM - CVE-2017-6144

Cybersecurity Help s.r.o.

Published: 2017-10-24 | Updated: 2018-02-16

Vulnerability identifier: #VU8920

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6144

CWE-ID: CWE-300

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
BIG-IP PEM
Hardware solutions / Security hardware applicances

Vendor: F5 Networks

Description
The vulnerability allows an adjacent attacker to conduct MITM-attack.

The weakness exists due to improper verification of certificates when the Type Allocation Code (TAC) database file is download via HTTPS. An adjacent attacker can use man-in-the-middle techniques to monitor the traffic from a user attempting to download the TAC database file via HTTPS and access or modify sensitive information in the TAC database file.

Mitigation
Update to version 12.1.2 HF 1 or 13.0.0.

Vulnerable software versions

BIG-IP PEM: 12.1.0 - 12.1.2

External links
https://support.f5.com/csp/article/K81601350

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Man-in-the-middle in F5 BIG-IP PEM