F5 Networks BIG-IP : IP Intelligence Feed List vulnerability (K11464209)
Medium Nessus Plugin ID 118629
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionX509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote servers identity is not properly validated in certain versions of BIG-IP. (CVE-2017-6143)
Affected BIG-IP systems may fail to properly validate the remote server's identity. As a result, the IP Intelligence data may potentially be compromised.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K11464209.