Vulnerabilities > CVE-2017-6165 - Information Exposure Through Log Files vulnerability in F5 products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

CWE-532

nessus

NVD

Published: 2017-10-20

Updated: 2017-11-15

Summary

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Access Policy Manager 11.5.1 F5 BIG IP Access Policy Manager 11.5.2 F5 BIG IP Access Policy Manager 11.5.3 F5 BIG IP Access Policy Manager 11.5.4 F5 BIG IP Access Policy Manager 11.6.0 F5 BIG IP Access Policy Manager 11.6.1 F5 BIG IP Access Policy Manager 12.0.0 F5 BIG IP Access Policy Manager 12.1.0 F5 BIG IP Access Policy Manager 12.1.1 F5 BIG IP Access Policy Manager 12.1.2 F5 BIG IP Advanced Firewall Manager 11.5.1 F5 BIG IP Advanced Firewall Manager 11.5.2 F5 BIG IP Advanced Firewall Manager 11.5.3 F5 BIG IP Advanced Firewall Manager 11.5.4 F5 BIG IP Advanced Firewall Manager 11.6.0 F5 BIG IP Advanced Firewall Manager 11.6.1 F5 BIG IP Advanced Firewall Manager 12.0.0 F5 BIG IP Advanced Firewall Manager 12.1.0 F5 BIG IP Advanced Firewall Manager 12.1.1 F5 BIG IP Advanced Firewall Manager 12.1.2 F5 BIG IP Analytics 11.5.1 F5 BIG IP Analytics 11.5.2 F5 BIG IP Analytics 11.5.3 F5 BIG IP Analytics 11.5.4 F5 BIG IP Analytics 11.6.0 F5 BIG IP Analytics 11.6.1 F5 BIG IP Analytics 12.0.0 F5 BIG IP Analytics 12.1.0 F5 BIG IP Analytics 12.1.1 F5 BIG IP Analytics 12.2.0 F5 BIG IP Application Acceleration Manager 11.5.1 F5 BIG IP Application Acceleration Manager 11.5.2 F5 BIG IP Application Acceleration Manager 11.5.3 F5 BIG IP Application Acceleration Manager 11.5.4 F5 BIG IP Application Acceleration Manager 11.6.0 F5 BIG IP Application Acceleration Manager 11.6.1 F5 BIG IP Application Acceleration Manager 12.0.0 F5 BIG IP Application Acceleration Manager 12.1.0 F5 BIG IP Application Acceleration Manager 12.1.1 F5 BIG IP Application Acceleration Manager 12.1.2 F5 BIG IP Application Security Manager 11.5.1 F5 BIG IP Application Security Manager 11.5.2 F5 BIG IP Application Security Manager 11.5.3 F5 BIG IP Application Security Manager 11.5.4 F5 BIG IP Application Security Manager 11.6.0 F5 BIG IP Application Security Manager 11.6.1 F5 BIG IP Application Security Manager 12.0.0 F5 BIG IP Application Security Manager 12.1.0 F5 BIG IP Application Security Manager 12.1.1 F5 BIG IP Application Security Manager 12.1.2 F5 BIG IP Domain Name System 11.5.1 F5 BIG IP Domain Name System 11.5.2 F5 BIG IP Domain Name System 11.5.3 F5 BIG IP Domain Name System 11.5.4 F5 BIG IP Domain Name System 11.6.0 F5 BIG IP Domain Name System 11.6.1 F5 BIG IP Domain Name System 12.0.0 F5 BIG IP Domain Name System 12.1.0 F5 BIG IP Domain Name System 12.1.1 F5 BIG IP Domain Name System 12.1.2 F5 BIG IP Global Traffic Manager 11.5.1 F5 BIG IP Global Traffic Manager 11.5.2 F5 BIG IP Global Traffic Manager 11.5.3 F5 BIG IP Global Traffic Manager 11.5.4 F5 BIG IP Global Traffic Manager 11.6.0 F5 BIG IP Global Traffic Manager 11.6.1 F5 BIG IP Global Traffic Manager 12.0.0 F5 BIG IP Global Traffic Manager 12.1.0 F5 BIG IP Global Traffic Manager 12.1.1 F5 BIG IP Global Traffic Manager 12.1.2 F5 BIG IP Link Controller 11.5.1 F5 BIG IP Link Controller 11.5.2 F5 BIG IP Link Controller 11.5.3 F5 BIG IP Link Controller 11.5.4 F5 BIG IP Link Controller 11.6.0 F5 BIG IP Link Controller 11.6.1 F5 BIG IP Link Controller 12.0.0 F5 BIG IP Link Controller 12.1.0 F5 BIG IP Link Controller 12.1.1 F5 BIG IP Link Controller 12.1.2 F5 BIG IP Local Traffic Manager 11.5.1 F5 BIG IP Local Traffic Manager 11.5.2 F5 BIG IP Local Traffic Manager 11.5.3 F5 BIG IP Local Traffic Manager 11.5.4 F5 BIG IP Local Traffic Manager 11.6.0 F5 BIG IP Local Traffic Manager 11.6.1 F5 BIG IP Local Traffic Manager 12.0.0 F5 BIG IP Local Traffic Manager 12.1.0 F5 BIG IP Local Traffic Manager 12.1.1 F5 BIG IP Local Traffic Manager 12.1.2 F5 BIG IP Policy Enforcement Manager 11.5.1 F5 BIG IP Policy Enforcement Manager 11.5.2 F5 BIG IP Policy Enforcement Manager 11.5.3 F5 BIG IP Policy Enforcement Manager 11.5.4 F5 BIG IP Policy Enforcement Manager 11.6.0 F5 BIG IP Policy Enforcement Manager 11.6.1 F5 BIG IP Policy Enforcement Manager 12.0.0 F5 BIG IP Policy Enforcement Manager 12.1.0 F5 BIG IP Policy Enforcement Manager 12.1.1 F5 BIG IP Policy Enforcement Manager 12.1.2 F5 BIG IP Websafe 11.5.1 F5 BIG IP Websafe 11.5.2 F5 BIG IP Websafe 11.5.3 F5 BIG IP Websafe 11.5.4 F5 BIG IP Websafe 11.6.0 F5 BIG IP Websafe 11.6.1 F5 BIG IP Websafe 12.0.0 F5 BIG IP Websafe 12.1.0 F5 BIG IP Websafe 12.1.1 F5 BIG IP Websafe 12.1.2	110
Hardware	F5 F5 Viprion Application Delivery Controller -	1

Common Weakness Enumeration (CWE)

CWE-532 - Information Exposure Through Log Files

Common Attack Pattern Enumeration and Classification (CAPEC)

Fuzzing and observing application log data/errors for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.

Nessus

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL74759095.NASL
description	In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the
last seen	2020-06-01
modified	2020-06-02
plugin id	103995
published	2017-10-20
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103995
title	F5 Networks BIG-IP : SafeNet External Network HSM script vulnerability (K74759095)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References