Detections
Analytics

F5 Networks BIG-IP : TMOS vulnerability: Password changes for local users may not be preserved unless the configuration is explicitly saved (K37250780)

high Nessus Plugin ID 93247

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

When changing local user passwords at first boot, the password update may not be preserved unless the configuration is explicitly saved.
This will leave the system in a state where it still accepts the old password, and the new password cannot be used to log in.

This vulnerability occurs when all of the following conditions are met :

You have upgraded your BIG-IP system to a version listed in the Versions known to be vulnerable column in the Security Advisory Status table.

You restart the BIG-IP system for the first time.

After rebooting, the BIG-IP system prompts you to change the password due to password expiration.

The BIG-IP configuration reloads without being saved. Note : The BIG-IP configuration may be implicitly reloaded in many cases, including system restart, mcpd process restarting, and license installation.

Impact

Users cannot log in to the BIG-IP, BIG-IQ, F5 iWorkflow, or Enterprise Manager system using the most recent password, due to the new password being overwritten by the previous password. Additionally, local users are prompted to change their passwords, multiple times, due to password expiration.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K37250780.

See Also

https://support.f5.com/csp/article/K37250780

Plugin Details

Severity: High

ID: 93247

File Name: f5_bigip_SOL37250780.nasl

Version: 2.7

Type: local

Published: 9/1/2016

Updated: 12/31/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_wan_optimization_manager, cpe:/a:f5:big-ip_webaccelerator, cpe:/h:f5:big-ip, cpe:/h:f5:big-ip_protocol_security_manager

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Patch Publication Date: 12/30/2015

Vulnerability Publication Date: 12/30/2015