Vulnerabilities > CVE-2018-5506 - Unspecified vulnerability in F5 products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

nessus

NVD

Published: 2018-04-13

Updated: 2019-10-03

Summary

In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Local Traffic Manager 11.2.1 F5 BIG IP Local Traffic Manager 11.5.1 F5 BIG IP Local Traffic Manager 11.5.2 F5 BIG IP Local Traffic Manager 11.5.3 F5 BIG IP Local Traffic Manager 11.5.4 F5 BIG IP Local Traffic Manager 11.5.5 F5 BIG IP Local Traffic Manager 11.6.1 F5 BIG IP Local Traffic Manager 12.1.0 F5 BIG IP Local Traffic Manager 12.1.1 F5 BIG IP Local Traffic Manager 12.1.2 F5 BIG IP Local Traffic Manager 12.1.3 F5 BIG IP Local Traffic Manager 12.1.3.1 F5 BIG IP Local Traffic Manager 13.0.0 F5 BIG IP Application Acceleration Manager 11.2.1 F5 BIG IP Application Acceleration Manager 11.5.1 F5 BIG IP Application Acceleration Manager 11.5.2 F5 BIG IP Application Acceleration Manager 11.5.3 F5 BIG IP Application Acceleration Manager 11.5.4 F5 BIG IP Application Acceleration Manager 11.5.5 F5 BIG IP Application Acceleration Manager 11.6.1 F5 BIG IP Application Acceleration Manager 12.1.0 F5 BIG IP Application Acceleration Manager 12.1.1 F5 BIG IP Application Acceleration Manager 12.1.2 F5 BIG IP Application Acceleration Manager 12.1.3 F5 BIG IP Application Acceleration Manager 12.1.3.1 F5 BIG IP Application Acceleration Manager 13.0.0 F5 BIG IP Advanced Firewall Manager 11.2.1 F5 BIG IP Advanced Firewall Manager 11.5.1 F5 BIG IP Advanced Firewall Manager 11.5.2 F5 BIG IP Advanced Firewall Manager 11.5.3 F5 BIG IP Advanced Firewall Manager 11.5.4 F5 BIG IP Advanced Firewall Manager 11.5.5 F5 BIG IP Advanced Firewall Manager 11.6.1 F5 BIG IP Advanced Firewall Manager 12.1.0 F5 BIG IP Advanced Firewall Manager 12.1.1 F5 BIG IP Advanced Firewall Manager 12.1.2 F5 BIG IP Advanced Firewall Manager 12.1.3 F5 BIG IP Advanced Firewall Manager 12.1.3.1 F5 BIG IP Advanced Firewall Manager 13.0.0 F5 BIG IP Analytics 11.2.1 F5 BIG IP Analytics 11.5.1 F5 BIG IP Analytics 11.5.2 F5 BIG IP Analytics 11.5.3 F5 BIG IP Analytics 11.5.4 F5 BIG IP Analytics 11.5.5 F5 BIG IP Analytics 11.6.1 F5 BIG IP Analytics 12.1.0 F5 BIG IP Analytics 12.1.1 F5 BIG IP Analytics 12.1.2 F5 BIG IP Analytics 12.1.3 F5 BIG IP Analytics 12.1.3.1 F5 BIG IP Analytics 13.0.0 F5 BIG IP Access Policy Manager 11.2.1 F5 BIG IP Access Policy Manager 11.5.1 F5 BIG IP Access Policy Manager 11.5.2 F5 BIG IP Access Policy Manager 11.5.3 F5 BIG IP Access Policy Manager 11.5.4 F5 BIG IP Access Policy Manager 11.5.5 F5 BIG IP Access Policy Manager 11.6.1 F5 BIG IP Access Policy Manager 12.1.0 F5 BIG IP Access Policy Manager 12.1.1 F5 BIG IP Access Policy Manager 12.1.2 F5 BIG IP Access Policy Manager 12.1.3 F5 BIG IP Access Policy Manager 12.1.3.1 F5 BIG IP Access Policy Manager 13.0.0 F5 BIG IP Application Security Manager 11.2.1 F5 BIG IP Application Security Manager 11.5.1 F5 BIG IP Application Security Manager 11.5.2 F5 BIG IP Application Security Manager 11.5.3 F5 BIG IP Application Security Manager 11.5.4 F5 BIG IP Application Security Manager 11.5.5 F5 BIG IP Application Security Manager 11.6.1 F5 BIG IP Application Security Manager 12.1.0 F5 BIG IP Application Security Manager 12.1.1 F5 BIG IP Application Security Manager 12.1.2 F5 BIG IP Application Security Manager 12.1.3 F5 BIG IP Application Security Manager 12.1.3.1 F5 BIG IP Application Security Manager 13.0.0 F5 BIG IP Edge Gateway 11.2.1 F5 BIG IP Edge Gateway 11.5.1 F5 BIG IP Edge Gateway 11.5.2 F5 BIG IP Edge Gateway 11.5.3 F5 BIG IP Edge Gateway 11.5.4 F5 BIG IP Edge Gateway 11.5.5 F5 BIG IP Edge Gateway 11.6.1 F5 BIG IP Edge Gateway 12.1.0 F5 BIG IP Edge Gateway 12.1.1 F5 BIG IP Edge Gateway 12.1.2 F5 BIG IP Edge Gateway 12.1.3 F5 BIG IP Edge Gateway 12.1.3.1 F5 BIG IP Edge Gateway 13.0.0 F5 BIG IP Global Traffic Manager 11.2.1 F5 BIG IP Global Traffic Manager 11.5.1 F5 BIG IP Global Traffic Manager 11.5.2 F5 BIG IP Global Traffic Manager 11.5.3 F5 BIG IP Global Traffic Manager 11.5.4 F5 BIG IP Global Traffic Manager 11.5.5 F5 BIG IP Global Traffic Manager 11.6.1 F5 BIG IP Global Traffic Manager 12.1.0 F5 BIG IP Global Traffic Manager 12.1.1 F5 BIG IP Global Traffic Manager 12.1.2 F5 BIG IP Global Traffic Manager 12.1.3 F5 BIG IP Global Traffic Manager 12.1.3.1 F5 BIG IP Global Traffic Manager 13.0.0 F5 BIG IP Link Controller 11.2.1 F5 BIG IP Link Controller 11.5.1 F5 BIG IP Link Controller 11.5.2 F5 BIG IP Link Controller 11.5.3 F5 BIG IP Link Controller 11.5.4 F5 BIG IP Link Controller 11.5.5 F5 BIG IP Link Controller 11.6.1 F5 BIG IP Link Controller 12.1.0 F5 BIG IP Link Controller 12.1.1 F5 BIG IP Link Controller 12.1.2 F5 BIG IP Link Controller 12.1.3 F5 BIG IP Link Controller 12.1.3.1 F5 BIG IP Link Controller 13.0.0 F5 BIG IP Policy Enforcement Manager 11.2.1 F5 BIG IP Policy Enforcement Manager 11.5.1 F5 BIG IP Policy Enforcement Manager 11.5.2 F5 BIG IP Policy Enforcement Manager 11.5.3 F5 BIG IP Policy Enforcement Manager 11.5.4 F5 BIG IP Policy Enforcement Manager 11.5.5 F5 BIG IP Policy Enforcement Manager 11.6.1 F5 BIG IP Policy Enforcement Manager 12.1.0 F5 BIG IP Policy Enforcement Manager 12.1.1 F5 BIG IP Policy Enforcement Manager 12.1.2 F5 BIG IP Policy Enforcement Manager 12.1.3 F5 BIG IP Policy Enforcement Manager 12.1.3.1 F5 BIG IP Policy Enforcement Manager 13.0.0 F5 BIG IP Webaccelerator 11.2.1 F5 BIG IP Webaccelerator 11.5.1 F5 BIG IP Webaccelerator 11.5.2 F5 BIG IP Webaccelerator 11.5.3 F5 BIG IP Webaccelerator 11.5.4 F5 BIG IP Webaccelerator 11.5.5 F5 BIG IP Webaccelerator 11.6.1 F5 BIG IP Webaccelerator 12.1.0 F5 BIG IP Webaccelerator 12.1.1 F5 BIG IP Webaccelerator 12.1.2 F5 BIG IP Webaccelerator 12.1.3 F5 BIG IP Webaccelerator 12.1.3.1 F5 BIG IP Webaccelerator 13.0.0 F5 BIG IP Websafe 11.2.1 F5 BIG IP Websafe 11.5.1 F5 BIG IP Websafe 11.5.2 F5 BIG IP Websafe 11.5.3 F5 BIG IP Websafe 11.5.4 F5 BIG IP Websafe 11.5.5 F5 BIG IP Websafe 11.6.1 F5 BIG IP Websafe 12.1.0 F5 BIG IP Websafe 12.1.1 F5 BIG IP Websafe 12.1.2 F5 BIG IP Websafe 13.0.0 F5 BIG IP Domain Name System 11.2.1 F5 BIG IP Domain Name System 11.5.1 F5 BIG IP Domain Name System 11.5.2 F5 BIG IP Domain Name System 11.5.3 F5 BIG IP Domain Name System 11.5.4 F5 BIG IP Domain Name System 11.5.5 F5 BIG IP Domain Name System 11.6.1 F5 BIG IP Domain Name System 12.1.0 F5 BIG IP Domain Name System 12.1.1 F5 BIG IP Domain Name System 12.1.2 F5 BIG IP Domain Name System 12.1.3 F5 BIG IP Domain Name System 12.1.3.1 F5 BIG IP Domain Name System 13.0.0	206

Nessus

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL65355492.NASL
description	Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices. (CVE-2018-5506) Impact This vulnerability can disclose the em_server_ip field of valid client certificates. This does not reveal the certificate needed for authentication.
last seen	2020-03-17
modified	2018-11-02
plugin id	118692
published	2018-11-02
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118692
title	F5 Networks BIG-IP : Apache vulnerability (K65355492)

References

https://support.f5.com/csp/article/K65355492