F5 Networks BIG-IP : BIG-IP AFM vulnerability (K20682450)
Medium Nessus Plugin ID 118639
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
X509 certificate verification was not correctly implemented in the early access 'user id' feature in the BIG-IP Advanced Firewall Manager, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. (CVE-2017-6142)
In affected BIG-IP AFM versions, the system is unable to properly validate the remote server's identity, which may lead to man-in-the-middle (MITM) attacks. This issue affects the Network Firewall policy enforcement. The issue depends on an experimental configuration that was only deployed with F5 technical assistance as a proof of concept.
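The bug class the description refers to is a TLS client that checks the certificate chain against trusted CAs but never binds the presented certificate to the identity of the server it dialled, so any certificate from a trusted issuer, including one an attacker legitimately holds for a different name, is accepted and the session can be intercepted. The following is an added Python example written for this page to illustrate that class of defect and its fix; it is not F5's BIG-IP AFM code, and the peer certificates and hostnames in it are constructed.

```python
import ssl
from typing import Dict, List, Optional

# Constructed certificates for this example (not real peers), in the dict
# shape that ssl.SSLSocket.getpeercert() returns.
CONSTRUCTED_PEER_CERT: Dict = {
    "subject": ((("commonName", "fw.example.com"),),),
    "subjectAltName": (("DNS", "fw.example.com"), ("DNS", "*.mgmt.example.com")),
}
CONSTRUCTED_CN_ONLY_CERT: Dict = {
    "subject": ((("commonName", "legacy.example.com"),),),
}


def weak_client_context() -> ssl.SSLContext:
    """Vulnerable pattern: the chain is validated against trusted CAs, but the
    certificate's name is never compared with the host we connected to, so a
    valid certificate for any name satisfies the check (MITM possible)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Hardened pattern: require a certificate, validate its chain and bind it
    to the expected hostname. create_default_context() already does this; the
    assignments make the two requirements explicit."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def context_verifies_identity(ctx: ssl.SSLContext) -> bool:
    """Configuration check: does this context both require a trusted
    certificate and bind it to the dialled hostname?"""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def cert_names(cert: Dict) -> List[str]:
    """Names a certificate is valid for: SAN dNSName entries, falling back to
    the subject CN only when no dNSName is present (RFC 6125 section 6.4.4)."""
    names = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def _match(pattern: str, hostname: str) -> bool:
    """Case-insensitive match; a wildcard is allowed only as the entire
    leftmost label of a name with at least three labels (so '*.example.com'
    matches 'a.example.com' but not 'example.com' or 'a.b.example.com')."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    if p_labels[0] != "*":
        return False
    return p_labels[1:] == h_labels[1:]


def identity_matches(cert: Dict, hostname: str) -> bool:
    """The check the weak context skips: is the presented certificate actually
    issued for the host we intended to talk to? (ssl.match_hostname, which
    did this in the standard library, was removed in Python 3.12.)"""
    return any(_match(name, hostname) for name in cert_names(cert))


if __name__ == "__main__":
    print("weak context verifies identity:", context_verifies_identity(weak_client_context()))
    print("hardened context verifies identity:", context_verifies_identity(hardened_client_context()))
    for host in ("fw.example.com", "node1.mgmt.example.com", "attacker.example.net"):
        print(host, "->", identity_matches(CONSTRUCTED_PEER_CERT, host))
```

The matcher deliberately rejects partial-label wildcards and wildcards that would cover a public suffix, which is the conservative end of RFC 6125; a client that only calls `verify_mode = CERT_REQUIRED` without the hostname binding is the configuration-level equivalent of the flaw the advisory describes.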
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K20682450.