F5 Networks BIG-IP : BIG-IP APM access logs vulnerability (K31925518)

medium Nessus Plugin ID 92847

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A vulnerability in the BIG-IP Configuration utility can be used by an unauthorized BIG-IP administrative user to gain unauthorized access to the Access Policy Manager (APM) access logs. This vulnerability requires valid user account credentials and access to the Configuration utility. This flaw exists when APM is configured, and exposes session details within the access logs. If the BIG-IP APM system is not in use, the vulnerability still exists; however, there is no data stored in the log files in question when the BIG-IPAPM system is not actively in use. (CVE-2016-1497)

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K31925518.

See Also

https://support.f5.com/csp/article/K31925518

Plugin Details

Severity: Medium

ID: 92847

File Name: f5_bigip_SOL31925518.nasl

Version: 2.11

Type: local

Published: 8/11/2016

Updated: 1/4/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_wan_optimization_manager, cpe:/a:f5:big-ip_webaccelerator, cpe:/h:f5:big-ip, cpe:/h:f5:big-ip_protocol_security_manager

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 8/10/2016

Reference Information

CVE: CVE-2016-1497