F5 Networks BIG-IP : HTTPS monitor vulnerability (K05112543)
Medium Nessus Plugin ID 118622
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionF5 BIG-IP 13.0.0-13.0.1, 12.1.0-18.104.22.168, or 11.2.1-22.214.171.124 HTTPS health monitors do not validate the identity of the monitored server.
This vulnerability may allow unauthorized disclosure and modification of monitor traffic by an attacker with a privileged network position (MITM).
Note : This vulnerability affects HTTPS monitors that are configured onTraffic Management Microkernel (TMM) interfaces and monitors that are configured on the management interface (MGMT).
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K05112543.