F5 Networks BIG-IP : BIG-IP APM redirect vulnerability (K66171422)
Medium Nessus Plugin ID 118693
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAninsecure AES ECB mode is usedfor orig_uri parameter in an
undisclosed /vdesk link of APM virtual server configured with an
access profile, allowing a malicious user to build a redirect URI
value using different blocks of cipher texts. (CVE-2018-5548)
An attacker can forge a URL with an obfuscated (encrypted and encoded)
value in an orig_uri parameter. An authenticated user with an
established access session to the BIG-IP APM system may be redirected
to a malicious website following the forged URL.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5