F5 Networks BIG-IP : BIG-IP APM CRL vulnerability (K34652116)
Medium Nessus Plugin ID 118656
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionIn some situations, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system failsto download a new Certificate Revocation List.(CVE-2018-15326).
Users with revoked certificatesmay be able to gain access to the system.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K34652116.