Vulnerabilities > CVE-2014-9326 - Unspecified vulnerability in F5 products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

nessus

NVD

Published: 2015-05-12

Updated: 2017-01-03

Summary

The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. <a href="https://cwe.mitre.org/data/definitions/295.html">CWE-295: Improper Certificate Validation</a>

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Application Acceleration Manager 11.5.0 F5 BIG IP Application Acceleration Manager 11.5.1 F5 BIG IP Application Acceleration Manager 11.5.2 F5 BIG IP Application Acceleration Manager 11.6.0 F5 BIG IP Policy Enforcement Manager 11.3.0 F5 BIG IP Policy Enforcement Manager 11.4.0 F5 BIG IP Policy Enforcement Manager 11.4.1 F5 BIG IP Policy Enforcement Manager 11.5.0 F5 BIG IP Policy Enforcement Manager 11.5.2 F5 BIG IP Policy Enforcement Manager 11.6.0 F5 BIG IP Policy Enforcement Manager11.5.1 * F5 BIG IP Global Traffic Manager 11.5.0 F5 BIG IP Global Traffic Manager 11.5.1 F5 BIG IP Global Traffic Manager 11.5.2 F5 BIG IP Global Traffic Manager 11.6.0 F5 BIG IP Advanced Firewall Manager 11.5.0 F5 BIG IP Advanced Firewall Manager 11.5.1 F5 BIG IP Advanced Firewall Manager 11.5.2 F5 BIG IP Advanced Firewall Manager 11.6.0 F5 BIG IP Local Traffic Manager 11.5.0 F5 BIG IP Local Traffic Manager 11.5.1 F5 BIG IP Local Traffic Manager 11.5.2 F5 BIG IP Local Traffic Manager 11.6.0 F5 BIG IP Application Security Manager 11.5.0 F5 BIG IP Application Security Manager 11.5.1 F5 BIG IP Application Security Manager 11.5.2 F5 BIG IP Application Security Manager 11.6.0 F5 BIG IP Link Controller 11.5.0 F5 BIG IP Link Controller 11.5.1 F5 BIG IP Link Controller 11.5.2 F5 BIG IP Link Controller 11.6.0 F5 BIG IP Access Policy Manager 11.5.0 F5 BIG IP Access Policy Manager 11.5.1 F5 BIG IP Access Policy Manager 11.5.2 F5 BIG IP Access Policy Manager 11.6.0 F5 BIG IP Analytics 11.5.0 F5 BIG IP Analytics 11.5.1 F5 BIG IP Analytics 11.5.2 F5 BIG IP Analytics 11.6.0	39

Nessus

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL16090.NASL
description	The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. (CVE-2014-9326) Impact In the scenario where DNS records for callhome.f5.com are compromised, an attacker may be able to deliver a malicious payload to the BIG-IP system.
last seen	2020-06-01
modified	2020-06-02
plugin id	83148
published	2015-04-30
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83148
title	F5 Networks BIG-IP : BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability (K16090)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution K16090. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(83148); script_version("2.11"); script_cvs_date("Date: 2019/01/04 10:03:40"); script_cve_id("CVE-2014-9326"); script_bugtraq_id(74650); script_name(english:"F5 Networks BIG-IP : BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability (K16090)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. (CVE-2014-9326) Impact In the scenario where DNS records for callhome.f5.com are compromised, an attacker may be able to deliver a malicious payload to the BIG-IP system." ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K16090" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution K16090." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "K16090"; vmatrix = make_array(); if (report_paranoia < 2) audit(AUDIT_PARANOID); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("11.5.0-11.6.0"); vmatrix["AFM"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4"); # AM vmatrix["AM"] = make_array(); vmatrix["AM"]["affected" ] = make_list("11.5.0-11.6.0"); vmatrix["AM"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("11.5.0-11.6.0"); vmatrix["APM"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("10.0.0-11.6.0"); vmatrix["ASM"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.3","11.5.2HF1","11.5.1HF8"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("11.5.0-11.6.0"); vmatrix["AVR"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4"); # GTM vmatrix["GTM"] = make_array(); vmatrix["GTM"]["affected" ] = make_list("11.5.0-11.6.0"); vmatrix["GTM"]["unaffected"] = make_list("11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("11.5.0-11.6.0"); vmatrix["LC"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("11.5.0-11.6.0"); vmatrix["LTM"]["unaffected"] = make_list("12.0.0","11.6.0HF4","11.5.2","11.5.1HF8","11.5.0HF7","11.0.0-11.4.1","10.0.0-10.2.4"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("11.3.0-11.6.0"); vmatrix["PEM"]["unaffected"] = make_list("12.0.0","11.5.3","11.6.0HF4","11.5.2HF1","11.5.1HF8"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get()); else security_warning(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }

Summary

Vulnerable Configurations

Nessus

References