F5 Networks BIG-IP : BIG-IP AFM vulnerability (K20682450)
Medium Nessus Plugin ID 118639
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
X509 certificate verification was not correctly implemented in the
early access 'user id' feature in the BIG-IP Advanced Firewall
Manager, and thus did not properly validate the remote server's
identity on certain versions of BIG-IP. (CVE-2017-6142)
In affected BIG-IP AFM versions, the system is unable to properly
validate the remote server's identity, which may lead to
man-in-the-middle (MITM) attacks. This issue affects the Network
Firewall policy enforcement. The issue depends on an experimental
configuration that was only deployed with F5 technical assistance as a
proof of concept.
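The defect class described above (a TLS client that authenticates the peer certificate chain but does not check that the certificate actually names the server it is talking to) is easiest to understand by looking at what a correct identity check does. The following is an added illustration written for this page, not F5's code and not a description of how the AFM feature was implemented: it shows a client context that enforces certificate and hostname verification, and a strict subjectAltName matcher in the style of RFC 6125 operating on the dictionary shape Python's `ssl` module returns from `getpeercert()`. The sample certificate fields are constructed for the example.

```python
import ssl
from ipaddress import ip_address


def make_verifying_context(cafile=None):
    """Client-side TLS context that verifies the chain *and* the peer's name.

    A context with verify_mode=CERT_NONE or check_hostname=False is the
    weak configuration: the handshake succeeds against any certificate,
    which is what enables a man-in-the-middle to pose as the real server.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.check_hostname = True             # reject certs not issued for the target host
    ctx.verify_mode = ssl.CERT_REQUIRED   # reject untrusted / missing certs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def _dns_matches(pattern, host):
    """Match one DNS SAN entry (possibly a wildcard) against a hostname.

    Simplified RFC 6125 rules: the wildcard must be the entire leftmost
    label, may match exactly one label, and is rejected for very short
    names such as '*.test'.
    """
    if "*" not in pattern:
        return pattern == host
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    if p_labels[0] != "*":
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert, hostname):
    """Return True if `cert` (getpeercert()-style dict) is issued for `hostname`.

    Only subjectAltName is consulted; a certificate carrying the name
    solely in the subject commonName is rejected, matching modern clients.
    """
    san = cert.get("subjectAltName", ())
    dns_names = [v for k, v in san if k == "DNS"]
    ip_names = [v for k, v in san if k == "IP Address"]

    try:
        target_ip = ip_address(hostname)
    except ValueError:
        target_ip = None

    if target_ip is not None:
        # IP targets must match an iPAddress SAN exactly; DNS entries do not count.
        return any(ip_address(n) == target_ip for n in ip_names)

    if not dns_names:
        return False
    host = hostname.rstrip(".").lower()
    return any(_dns_matches(p.lower(), host) for p in dns_names)


# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_PEER_CERT = {
    "subject": ((("commonName", "firewall.example.test"),),),
    "subjectAltName": (
        ("DNS", "firewall.example.test"),
        ("DNS", "*.mgmt.example.test"),
        ("IP Address", "192.0.2.10"),
    ),
}

# Constructed legacy-style certificate: name only in the CN, no SAN.
CN_ONLY_CERT = {"subject": ((("commonName", "firewall.example.test"),),)}

if __name__ == "__main__":
    ctx = make_verifying_context()
    print("check_hostname:", ctx.check_hostname, "verify_mode:", ctx.verify_mode)
    for name in ("firewall.example.test", "api.mgmt.example.test",
                 "deep.api.mgmt.example.test", "192.0.2.10", "192.0.2.11"):
        print(f"{name:32} -> {hostname_matches(SAMPLE_PEER_CERT, name)}")
```

In a real client the matcher is not called by hand: `check_hostname=True` makes `wrap_socket(..., server_hostname=...)` perform this step during the handshake, and a detection for the weak configuration is simply a context with `verify_mode` other than `CERT_REQUIRED` or `check_hostname` set to `False`.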
Solution
Upgrade to one of the non-vulnerable versions listed in the F5