#VU8920 Man-in-the-middle attack in BIG-IP PEM


Published: 2017-10-24 | Updated: 2018-02-16

Vulnerability identifier: #VU8920

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-6144

CWE-ID: CWE-300

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
BIG-IP PEM
Hardware solutions / Security hardware appliances

Vendor: F5 Networks

Description
The vulnerability allows an adjacent attacker to conduct a man-in-the-middle (MITM) attack.

The weakness exists due to improper verification of certificates when the Type Allocation Code (TAC) database file is downloaded via HTTPS. An adjacent attacker can use man-in-the-middle techniques to intercept the traffic of a user downloading the TAC database file via HTTPS and read or modify sensitive information in the TAC database file.

Mitigation
Update to version 12.1.2 HF 1 or 13.0.0.

Vulnerable software versions

BIG-IP PEM: 12.1.0 - 12.1.2


CPE

External links
http://support.f5.com/csp/article/K81601350


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?
