Vulnerabilities > CVE-2018-15329 - Missing Authorization vulnerability in F5 products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

CWE-862

nessus

NVD

Published: 2018-12-20

Updated: 2019-10-03

Summary

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Local Traffic Manager 12.1.0 F5 BIG IP Local Traffic Manager 12.1.1 F5 BIG IP Local Traffic Manager 12.1.2 F5 BIG IP Local Traffic Manager 12.1.3 F5 BIG IP Local Traffic Manager 12.1.3.1 F5 BIG IP Local Traffic Manager 12.1.3.2 F5 BIG IP Local Traffic Manager 12.1.3.3 F5 BIG IP Local Traffic Manager 12.1.3.4 F5 BIG IP Local Traffic Manager 12.1.3.5 F5 BIG IP Local Traffic Manager 12.1.3.6 F5 BIG IP Local Traffic Manager 12.1.3.7 F5 BIG IP Local Traffic Manager 13.0.0 F5 BIG IP Local Traffic Manager 13.0.1 F5 BIG IP Local Traffic Manager 13.1.0 F5 BIG IP Local Traffic Manager 13.1.0.0 F5 BIG IP Local Traffic Manager 13.1.0.1 F5 BIG IP Local Traffic Manager 13.1.0.2 F5 BIG IP Local Traffic Manager 13.1.0.3 F5 BIG IP Local Traffic Manager 13.1.0.4 F5 BIG IP Local Traffic Manager 13.1.0.5 F5 BIG IP Local Traffic Manager 13.1.0.6 F5 BIG IP Local Traffic Manager 13.1.0.7 F5 BIG IP Local Traffic Manager 13.1.0.8 F5 BIG IP Local Traffic Manager 13.1.1 F5 BIG IP Local Traffic Manager 13.1.1.1 F5 BIG IP Local Traffic Manager 14.0.0 F5 BIG IP Local Traffic Manager 14.0.0.2 F5 BIG IP Application Acceleration Manager 12.1.0 F5 BIG IP Application Acceleration Manager 12.1.1 F5 BIG IP Application Acceleration Manager 12.1.2 F5 BIG IP Application Acceleration Manager 12.1.3 F5 BIG IP Application Acceleration Manager 12.1.3.1 F5 BIG IP Application Acceleration Manager 12.1.3.2 F5 BIG IP Application Acceleration Manager 12.1.3.3 F5 BIG IP Application Acceleration Manager 12.1.3.4 F5 BIG IP Application Acceleration Manager 12.1.3.5 F5 BIG IP Application Acceleration Manager 12.1.3.6 F5 BIG IP Application Acceleration Manager 12.1.3.7 F5 BIG IP Application Acceleration Manager 13.0.0 F5 BIG IP Application Acceleration Manager 13.0.1 F5 BIG IP Application Acceleration Manager 13.1.0 F5 BIG IP Application Acceleration Manager 13.1.0.0 F5 BIG IP Application Acceleration Manager 13.1.0.1 F5 BIG IP Application Acceleration Manager 13.1.0.2 F5 BIG IP Application Acceleration Manager 13.1.0.3 F5 BIG IP Application Acceleration Manager 13.1.0.4 F5 BIG IP Application Acceleration Manager 13.1.0.5 F5 BIG IP Application Acceleration Manager 13.1.0.6 F5 BIG IP Application Acceleration Manager 13.1.0.7 F5 BIG IP Application Acceleration Manager 13.1.0.8 F5 BIG IP Application Acceleration Manager 13.1.1 F5 BIG IP Application Acceleration Manager 14.0.0 F5 BIG IP Application Acceleration Manager 14.0.0.1 F5 BIG IP Application Acceleration Manager 14.0.0.2 F5 BIG IP Advanced Firewall Manager 12.1.0 F5 BIG IP Advanced Firewall Manager 12.1.1 F5 BIG IP Advanced Firewall Manager 12.1.2 F5 BIG IP Advanced Firewall Manager 12.1.3 F5 BIG IP Advanced Firewall Manager 12.1.3.1 F5 BIG IP Advanced Firewall Manager 12.1.3.2 F5 BIG IP Advanced Firewall Manager 12.1.3.3 F5 BIG IP Advanced Firewall Manager 12.1.3.4 F5 BIG IP Advanced Firewall Manager 12.1.3.5 F5 BIG IP Advanced Firewall Manager 12.1.3.6 F5 BIG IP Advanced Firewall Manager 12.1.3.7 F5 BIG IP Advanced Firewall Manager 13.0.0 F5 BIG IP Advanced Firewall Manager 13.0.1 F5 BIG IP Advanced Firewall Manager 13.1.0 F5 BIG IP Advanced Firewall Manager 13.1.0.0 F5 BIG IP Advanced Firewall Manager 13.1.0.1 F5 BIG IP Advanced Firewall Manager 13.1.0.2 F5 BIG IP Advanced Firewall Manager 13.1.0.3 F5 BIG IP Advanced Firewall Manager 13.1.0.4 F5 BIG IP Advanced Firewall Manager 13.1.0.5 F5 BIG IP Advanced Firewall Manager 13.1.0.6 F5 BIG IP Advanced Firewall Manager 13.1.0.7 F5 BIG IP Advanced Firewall Manager 13.1.0.8 F5 BIG IP Advanced Firewall Manager 13.1.1 F5 BIG IP Advanced Firewall Manager 13.1.1.1 F5 BIG IP Advanced Firewall Manager 14.0.0 F5 BIG IP Advanced Firewall Manager 14.0.0.1 F5 BIG IP Advanced Firewall Manager 14.0.0.2 F5 BIG IP Analytics 12.1.0 F5 BIG IP Analytics 12.1.1 F5 BIG IP Analytics 12.1.2 F5 BIG IP Analytics 12.1.3 F5 BIG IP Analytics 12.1.3.1 F5 BIG IP Analytics 12.1.3.2 F5 BIG IP Analytics 12.1.3.3 F5 BIG IP Analytics 12.1.3.4 F5 BIG IP Analytics 12.1.3.5 F5 BIG IP Analytics 12.1.3.6 F5 BIG IP Analytics 12.1.3.7 F5 BIG IP Analytics 13.0.0 F5 BIG IP Analytics 13.0.1 F5 BIG IP Analytics 13.1.0 F5 BIG IP Analytics 13.1.0.0 F5 BIG IP Analytics 13.1.0.1 F5 BIG IP Analytics 13.1.0.2 F5 BIG IP Analytics 13.1.0.3 F5 BIG IP Analytics 13.1.0.4 F5 BIG IP Analytics 13.1.0.5 F5 BIG IP Analytics 13.1.0.6 F5 BIG IP Analytics 13.1.0.7 F5 BIG IP Analytics 13.1.0.8 F5 BIG IP Analytics 13.1.1 F5 BIG IP Analytics 13.1.1.1 F5 BIG IP Analytics 14.0.0 F5 BIG IP Analytics 14.0.0.1 F5 BIG IP Analytics 14.0.0.2 F5 BIG IP Access Policy Manager 12.1.0 F5 BIG IP Access Policy Manager 12.1.1 F5 BIG IP Access Policy Manager 12.1.2 F5 BIG IP Access Policy Manager 12.1.3 F5 BIG IP Access Policy Manager 12.1.3.1 F5 BIG IP Access Policy Manager 12.1.3.2 F5 BIG IP Access Policy Manager 12.1.3.3 F5 BIG IP Access Policy Manager 12.1.3.4 F5 BIG IP Access Policy Manager 12.1.3.5 F5 BIG IP Access Policy Manager 12.1.3.6 F5 BIG IP Access Policy Manager 12.1.3.7 F5 BIG IP Access Policy Manager 13.0.0 F5 BIG IP Access Policy Manager 13.0.0.0 F5 BIG IP Access Policy Manager 13.0.1 F5 BIG IP Access Policy Manager 13.1.0 F5 BIG IP Access Policy Manager 13.1.0.1 F5 BIG IP Access Policy Manager 13.1.0.2 F5 BIG IP Access Policy Manager 13.1.0.3 F5 BIG IP Access Policy Manager 13.1.0.4 F5 BIG IP Access Policy Manager 13.1.0.5 F5 BIG IP Access Policy Manager 13.1.0.6 F5 BIG IP Access Policy Manager 13.1.0.7 F5 BIG IP Access Policy Manager 13.1.0.8 F5 BIG IP Access Policy Manager 13.1.1 F5 BIG IP Access Policy Manager 13.1.1.1 F5 BIG IP Access Policy Manager 14.0.0 F5 BIG IP Access Policy Manager 14.0.0.2 F5 BIG IP Application Security Manager 12.1.0 F5 BIG IP Application Security Manager 12.1.1 F5 BIG IP Application Security Manager 12.1.2 F5 BIG IP Application Security Manager 12.1.3 F5 BIG IP Application Security Manager 12.1.3.1 F5 BIG IP Application Security Manager 12.1.3.2 F5 BIG IP Application Security Manager 12.1.3.3 F5 BIG IP Application Security Manager 12.1.3.4 F5 BIG IP Application Security Manager 12.1.3.5 F5 BIG IP Application Security Manager 12.1.3.6 F5 BIG IP Application Security Manager 12.1.3.7 F5 BIG IP Application Security Manager 13.0.0 F5 BIG IP Application Security Manager 13.0.1 F5 BIG IP Application Security Manager 13.1.0 F5 BIG IP Application Security Manager 13.1.0.0 F5 BIG IP Application Security Manager 13.1.0.1 F5 BIG IP Application Security Manager 13.1.0.2 F5 BIG IP Application Security Manager 13.1.0.3 F5 BIG IP Application Security Manager 13.1.0.4 F5 BIG IP Application Security Manager 13.1.0.5 F5 BIG IP Application Security Manager 13.1.0.6 F5 BIG IP Application Security Manager 13.1.0.7 F5 BIG IP Application Security Manager 13.1.0.8 F5 BIG IP Application Security Manager 13.1.1 F5 BIG IP Application Security Manager 13.1.1.1 F5 BIG IP Application Security Manager 14.0.0 F5 BIG IP Application Security Manager 14.0.0.1 F5 BIG IP Application Security Manager 14.0.0.2 F5 BIG IP Domain Name System 12.1.0 F5 BIG IP Domain Name System 12.1.1 F5 BIG IP Domain Name System 12.1.2 F5 BIG IP Domain Name System 12.1.3 F5 BIG IP Domain Name System 12.1.3.1 F5 BIG IP Domain Name System 12.1.3.2 F5 BIG IP Domain Name System 12.1.3.3 F5 BIG IP Domain Name System 12.1.3.4 F5 BIG IP Domain Name System 12.1.3.5 F5 BIG IP Domain Name System 12.1.3.6 F5 BIG IP Domain Name System 12.1.3.7 F5 BIG IP Domain Name System 13.0.0 F5 BIG IP Domain Name System 13.0.1 F5 BIG IP Domain Name System 13.1.0 F5 BIG IP Domain Name System 13.1.0.0 F5 BIG IP Domain Name System 13.1.0.1 F5 BIG IP Domain Name System 13.1.0.2 F5 BIG IP Domain Name System 13.1.0.3 F5 BIG IP Domain Name System 13.1.0.4 F5 BIG IP Domain Name System 13.1.0.5 F5 BIG IP Domain Name System 13.1.0.6 F5 BIG IP Domain Name System 13.1.0.7 F5 BIG IP Domain Name System 13.1.0.8 F5 BIG IP Domain Name System 13.1.1 F5 BIG IP Domain Name System 13.1.1.1 F5 BIG IP Domain Name System 14.0.0 F5 BIG IP Domain Name System 14.0.0.1 F5 BIG IP Domain Name System 14.0.0.2 F5 BIG IP Edge Gateway 12.1.0 F5 BIG IP Edge Gateway 12.1.1 F5 BIG IP Edge Gateway 12.1.2 F5 BIG IP Edge Gateway 12.1.3 F5 BIG IP Edge Gateway 12.1.3.1 F5 BIG IP Edge Gateway 12.1.3.2 F5 BIG IP Edge Gateway 12.1.3.3 F5 BIG IP Edge Gateway 12.1.3.4 F5 BIG IP Edge Gateway 12.1.3.5 F5 BIG IP Edge Gateway 12.1.3.6 F5 BIG IP Edge Gateway 12.1.3.7 F5 BIG IP Edge Gateway 13.0.0 F5 BIG IP Edge Gateway 13.0.1 F5 BIG IP Edge Gateway 13.1.0 F5 BIG IP Edge Gateway 13.1.0.0 F5 BIG IP Edge Gateway 13.1.0.1 F5 BIG IP Edge Gateway 13.1.0.2 F5 BIG IP Edge Gateway 13.1.0.3 F5 BIG IP Edge Gateway 13.1.0.4 F5 BIG IP Edge Gateway 13.1.0.5 F5 BIG IP Edge Gateway 13.1.0.6 F5 BIG IP Edge Gateway 13.1.0.7 F5 BIG IP Edge Gateway 13.1.0.8 F5 BIG IP Edge Gateway 13.1.1 F5 BIG IP Edge Gateway 13.1.1.1 F5 BIG IP Edge Gateway 14.0.0 F5 BIG IP Edge Gateway 14.0.0.1 F5 BIG IP Edge Gateway 14.0.0.2 F5 BIG IP Fraud Protection Service 12.1.0 F5 BIG IP Fraud Protection Service 12.1.1 F5 BIG IP Fraud Protection Service 12.1.2 F5 BIG IP Fraud Protection Service 12.1.3 F5 BIG IP Fraud Protection Service 12.1.3.1 F5 BIG IP Fraud Protection Service 12.1.3.2 F5 BIG IP Fraud Protection Service 12.1.3.3 F5 BIG IP Fraud Protection Service 12.1.3.4 F5 BIG IP Fraud Protection Service 12.1.3.5 F5 BIG IP Fraud Protection Service 12.1.3.6 F5 BIG IP Fraud Protection Service 12.1.3.7 F5 BIG IP Fraud Protection Service 13.0.0 F5 BIG IP Fraud Protection Service 13.0.1 F5 BIG IP Fraud Protection Service 13.1.0 F5 BIG IP Fraud Protection Service 13.1.0.0 F5 BIG IP Fraud Protection Service 13.1.0.1 F5 BIG IP Fraud Protection Service 13.1.0.2 F5 BIG IP Fraud Protection Service 13.1.0.3 F5 BIG IP Fraud Protection Service 13.1.0.4 F5 BIG IP Fraud Protection Service 13.1.0.5 F5 BIG IP Fraud Protection Service 13.1.0.6 F5 BIG IP Fraud Protection Service 13.1.0.7 F5 BIG IP Fraud Protection Service 13.1.0.8 F5 BIG IP Fraud Protection Service 13.1.1 F5 BIG IP Fraud Protection Service 13.1.1.1 F5 BIG IP Fraud Protection Service 14.0.0 F5 BIG IP Fraud Protection Service 14.0.0.1 F5 BIG IP Fraud Protection Service 14.0.0.2 F5 BIG IP Global Traffic Manager 12.1.0 F5 BIG IP Global Traffic Manager 12.1.1 F5 BIG IP Global Traffic Manager 12.1.2 F5 BIG IP Global Traffic Manager 12.1.3 F5 BIG IP Global Traffic Manager 12.1.3.1 F5 BIG IP Global Traffic Manager 12.1.3.2 F5 BIG IP Global Traffic Manager 12.1.3.3 F5 BIG IP Global Traffic Manager 12.1.3.4 F5 BIG IP Global Traffic Manager 12.1.3.5 F5 BIG IP Global Traffic Manager 12.1.3.6 F5 BIG IP Global Traffic Manager 12.1.3.7 F5 BIG IP Global Traffic Manager 13.0.0 F5 BIG IP Global Traffic Manager 13.0.1 F5 BIG IP Global Traffic Manager 13.1.0 F5 BIG IP Global Traffic Manager 13.1.0.0 F5 BIG IP Global Traffic Manager 13.1.0.1 F5 BIG IP Global Traffic Manager 13.1.0.2 F5 BIG IP Global Traffic Manager 13.1.0.3 F5 BIG IP Global Traffic Manager 13.1.0.4 F5 BIG IP Global Traffic Manager 13.1.0.5 F5 BIG IP Global Traffic Manager 13.1.0.6 F5 BIG IP Global Traffic Manager 13.1.0.7 F5 BIG IP Global Traffic Manager 13.1.0.8 F5 BIG IP Global Traffic Manager 13.1.1 F5 BIG IP Global Traffic Manager 13.1.1.1 F5 BIG IP Global Traffic Manager 14.0.0 F5 BIG IP Global Traffic Manager 14.0.0.1 F5 BIG IP Global Traffic Manager 14.0.0.2 F5 BIG IP Link Controller 12.1.0 F5 BIG IP Link Controller 12.1.1 F5 BIG IP Link Controller 12.1.2 F5 BIG IP Link Controller 12.1.3 F5 BIG IP Link Controller 12.1.3.1 F5 BIG IP Link Controller 12.1.3.2 F5 BIG IP Link Controller 12.1.3.3 F5 BIG IP Link Controller 12.1.3.4 F5 BIG IP Link Controller 12.1.3.5 F5 BIG IP Link Controller 12.1.3.6 F5 BIG IP Link Controller 12.1.3.7 F5 BIG IP Link Controller 13.0.0 F5 BIG IP Link Controller 13.0.1 F5 BIG IP Link Controller 13.1.0 F5 BIG IP Link Controller 13.1.0.0 F5 BIG IP Link Controller 13.1.0.1 F5 BIG IP Link Controller 13.1.0.2 F5 BIG IP Link Controller 13.1.0.3 F5 BIG IP Link Controller 13.1.0.4 F5 BIG IP Link Controller 13.1.0.5 F5 BIG IP Link Controller 13.1.0.6 F5 BIG IP Link Controller 13.1.0.7 F5 BIG IP Link Controller 13.1.0.8 F5 BIG IP Link Controller 13.1.1 F5 BIG IP Link Controller 13.1.1.1 F5 BIG IP Link Controller 14.0.0 F5 BIG IP Link Controller 14.0.0.1 F5 BIG IP Link Controller 14.0.0.2 F5 BIG IP Policy Enforcement Manager 12.1.0 F5 BIG IP Policy Enforcement Manager 12.1.1 F5 BIG IP Policy Enforcement Manager 12.1.2 F5 BIG IP Policy Enforcement Manager 12.1.3 F5 BIG IP Policy Enforcement Manager 12.1.3.1 F5 BIG IP Policy Enforcement Manager 12.1.3.2 F5 BIG IP Policy Enforcement Manager 12.1.3.3 F5 BIG IP Policy Enforcement Manager 12.1.3.4 F5 BIG IP Policy Enforcement Manager 12.1.3.5 F5 BIG IP Policy Enforcement Manager 12.1.3.6 F5 BIG IP Policy Enforcement Manager 12.1.3.7 F5 BIG IP Policy Enforcement Manager 13.0.0 F5 BIG IP Policy Enforcement Manager 13.0.1 F5 BIG IP Policy Enforcement Manager 13.1.0 F5 BIG IP Policy Enforcement Manager 13.1.0.0 F5 BIG IP Policy Enforcement Manager 13.1.0.1 F5 BIG IP Policy Enforcement Manager 13.1.0.2 F5 BIG IP Policy Enforcement Manager 13.1.0.3 F5 BIG IP Policy Enforcement Manager 13.1.0.4 F5 BIG IP Policy Enforcement Manager 13.1.0.5 F5 BIG IP Policy Enforcement Manager 13.1.0.6 F5 BIG IP Policy Enforcement Manager 13.1.0.7 F5 BIG IP Policy Enforcement Manager 13.1.0.8 F5 BIG IP Policy Enforcement Manager 13.1.1 F5 BIG IP Policy Enforcement Manager 13.1.1.1 F5 BIG IP Policy Enforcement Manager 14.0.0 F5 BIG IP Policy Enforcement Manager 14.0.0.1 F5 BIG IP Policy Enforcement Manager 14.0.0.2 F5 BIG IP Webaccelerator 12.1.0 F5 BIG IP Webaccelerator 12.1.1 F5 BIG IP Webaccelerator 12.1.2 F5 BIG IP Webaccelerator 12.1.3 F5 BIG IP Webaccelerator 12.1.3.1 F5 BIG IP Webaccelerator 12.1.3.2 F5 BIG IP Webaccelerator 12.1.3.3 F5 BIG IP Webaccelerator 12.1.3.4 F5 BIG IP Webaccelerator 12.1.3.5 F5 BIG IP Webaccelerator 12.1.3.6 F5 BIG IP Webaccelerator 12.1.3.7 F5 BIG IP Webaccelerator 13.0.0 F5 BIG IP Webaccelerator 13.0.1 F5 BIG IP Webaccelerator 13.1.0 F5 BIG IP Webaccelerator 13.1.0.0 F5 BIG IP Webaccelerator 13.1.0.1 F5 BIG IP Webaccelerator 13.1.0.2 F5 BIG IP Webaccelerator 13.1.0.3 F5 BIG IP Webaccelerator 13.1.0.4 F5 BIG IP Webaccelerator 13.1.0.5 F5 BIG IP Webaccelerator 13.1.0.6 F5 BIG IP Webaccelerator 13.1.0.7 F5 BIG IP Webaccelerator 13.1.0.8 F5 BIG IP Webaccelerator 13.1.1 F5 BIG IP Webaccelerator 13.1.1.1 F5 BIG IP Webaccelerator 14.0.0 F5 BIG IP Webaccelerator 14.0.0.1 F5 BIG IP Webaccelerator 14.0.0.2 F5 Enterprise Manager 3.1.1	398

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Nessus

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL61620494.NASL
description	When authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. (CVE-2018-15329) Impact This vulnerability may allow non-administrative TMUI users to run restricted commands.
last seen	2020-03-28
modified	2018-12-21
plugin id	119820
published	2018-12-21
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119820
title	F5 Networks BIG-IP : TMUI vulnerability (K61620494)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution K61620494. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(119820); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27"); script_cve_id("CVE-2018-15329"); script_name(english:"F5 Networks BIG-IP : TMUI vulnerability (K61620494)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "When authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. (CVE-2018-15329) Impact This vulnerability may allow non-administrative TMUI users to run restricted commands." ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K61620494" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution K61620494." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "K61620494"; vmatrix = make_array(); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.1.0-12.1.3"); vmatrix["AFM"]["unaffected"] = make_list("14.1.0","14.0.0.3","13.1.1.2","12.1.4"); # AM vmatrix["AM"] = make_array(); vmatrix["AM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.1.0-12.1.3"); vmatrix["AM"]["unaffected"] = make_list("14.1.0","14.0.0.3","13.1.1.2","12.1.4"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.1.0-12.1.3"); vmatrix["APM"]["unaffected"] = make_list("14.1.0","14.0.0.3","13.1.1.2","12.1.4"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.1.0-12.1.3"); vmatrix["ASM"]["unaffected"] = make_list("14.1.0","14.0.0.3","13.1.1.2","12.1.4"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.1.0-12.1.3"); vmatrix["AVR"]["unaffected"] = make_list("14.1.0","14.0.0.3","13.1.1.2","12.1.4"); # GTM vmatrix["GTM"] = make_array(); vmatrix["GTM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.1.0-12.1.3"); vmatrix["GTM"]["unaffected"] = make_list("14.1.0","14.0.0.3","13.1.1.2","12.1.4"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.1.0-12.1.3"); vmatrix["LC"]["unaffected"] = make_list("14.1.0","14.0.0.3","13.1.1.2","12.1.4"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.1.0-12.1.3"); vmatrix["LTM"]["unaffected"] = make_list("14.1.0","14.0.0.3","13.1.1.2","12.1.4"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.1.0-12.1.3"); vmatrix["PEM"]["unaffected"] = make_list("14.1.0","14.0.0.3","13.1.1.2","12.1.4"); # WAM vmatrix["WAM"] = make_array(); vmatrix["WAM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.1.0-12.1.3"); vmatrix["WAM"]["unaffected"] = make_list("14.1.0","14.0.0.3","13.1.1.2","12.1.4"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get()); else security_warning(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }

References

https://support.f5.com/csp/article/K61620494