Vulnerabilities > CVE-2015-8611 - Credentials Management vulnerability in F5 products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

CWE-255

critical

nessus

NVD

Published: 2016-01-12

Updated: 2016-01-14

Summary

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Domain Name System 12.0.0 F5 BIG IP Application Acceleration Manager 12.0.0 F5 BIG IP Link Controller 12.0.0 F5 BIG IP Policy Enforcement Manager 12.0.0 F5 BIG IP Advanced Firewall Manager 12.0.0 F5 BIG IP Local Traffic Manager 12.0.0 F5 BIG IP Access Policy Manager 12.0.0 F5 BIG IP Application Security Manager 12.0.0 F5 BIG IP Analytics 12.0.0	9

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Nessus

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL05272632.NASL
description	BIG-IP systems on the 2000, 4000, 5000, 7000, and 10000 platforms may fail to sync passwords to the Always-On-Management (AOM).
last seen	2020-06-01
modified	2020-06-02
plugin id	87786
published	2016-01-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87786
title	F5 Networks BIG-IP : BIG-IP AOM password sync vulnerability (SOL05272632)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution SOL05272632. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(87786); script_version("2.10"); script_cvs_date("Date: 2019/01/04 10:03:40"); script_cve_id("CVE-2015-8611"); script_name(english:"F5 Networks BIG-IP : BIG-IP AOM password sync vulnerability (SOL05272632)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "BIG-IP systems on the 2000, 4000, 5000, 7000, and 10000 platforms may fail to sync passwords to the Always-On-Management (AOM)." ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K05272632" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution SOL05272632." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "SOL05272632"; vmatrix = make_array(); if (report_paranoia < 2) audit(AUDIT_PARANOID); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("12.0.0"); vmatrix["AFM"]["unaffected"] = make_list("12.0.0HF1","11.3.0-11.6.0"); # AM vmatrix["AM"] = make_array(); vmatrix["AM"]["affected" ] = make_list("12.0.0"); vmatrix["AM"]["unaffected"] = make_list("12.0.0HF1","11.4.0-11.6.0"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("12.0.0"); vmatrix["APM"]["unaffected"] = make_list("12.0.0HF1","11.0.0-11.6.0","10.1.0-10.2.4"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("12.0.0"); vmatrix["ASM"]["unaffected"] = make_list("12.0.0HF1","11.0.0-11.6.0","10.1.0-10.2.4"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("12.0.0"); vmatrix["AVR"]["unaffected"] = make_list("12.0.0HF1","11.0.0-11.6.0"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("12.0.0"); vmatrix["LC"]["unaffected"] = make_list("12.0.0HF1","11.0.0-11.6.0","10.1.0-10.2.4"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("12.0.0"); vmatrix["LTM"]["unaffected"] = make_list("12.0.0HF1","11.0.0-11.6.0","10.1.0-10.2.4"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("12.0.0"); vmatrix["PEM"]["unaffected"] = make_list("12.0.0HF1","11.3.0-11.6.0"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get()); else security_hole(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References