F5 Networks BIG-IP : HTTPS monitor vulnerability (K05112543)
Medium Nessus Plugin ID 118622
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionF5 BIG-IP 13.0.0-13.0.1, 12.1.0-184.108.40.206, or 11.2.1-220.127.116.11 HTTPS
health monitors do not validate the identity of the monitored server.
This vulnerability may allow unauthorized disclosure and modification
of monitor traffic by an attacker with a privileged network position
Note : This vulnerability affects HTTPS monitors that are configured
onTraffic Management Microkernel (TMM) interfaces and monitors that
are configured on the management interface (MGMT).
SolutionUpgrade to one of the non-vulnerable versions listed in the F5