F5 Networks BIG-IP : OS Kernel and SMM mode L1 Terminal Fault vulnerability (K95275140) (Foreshadow)

medium Nessus Plugin ID 125485

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. (CVE-2018-3620 also known as Foreshadow-NG)

Impact

For products with None in the Versions known to be vulnerable column, there is no impact.

BIG-IP

CVE-2018-3620 requires an attacker who is capable of providing and running binary code of their choosing on the BIG-IP platform. This raises a high bar for attackers attempting to target BIG-IP systems over a network and would require an additional, unpatched, user-space remote code execution vulnerability to exploit these new issues.

The only administrative roles on a BIG-IP system allowed to execute binary code or exploitable analogs, such as JavaScript, are the Administrator, Resource Administrator, Manager, and iRules Manager roles. The Administrator and Resource Administrator users already have nearly complete access to the system and all secrets on the system that are not protected by hardware-based encryption. The Manager and iRules Manager roles do have more restricted access to the system, but have the ability to install new iRulesLX code. A malicious authorized Manager or iRules Manager can install malicious binary code to exploit these information leaks and gain more privileged access. F5 recommends limiting access to these roles to trusted employees.

Enterprise Manager

CVE-2018-3620 requires an attacker who is capable of providing and running binary code of their choosing on the Enterprise Manager platform. This raises a high bar for attackers attempting to target the Enterprise Manager system over a network and would require an additional, unpatched, user-space remote code execution vulnerability to exploit these new issues.

BIG-IQ

CVE-2018-3620 requires an attacker who is capable of providing and running binary code of their choosing on the BIG-IQ platform. This raises a high bar for attackers attempting to target the BIG-IQ system over a network and would require an additional, unpatched, user-space remote code execution vulnerability to exploit these new issues.

F5 iWorkflow

CVE-2018-3620 requires an attacker who is capable of providing and running binary code of their choosing on the F5 iWorkflow platform. This raises a high bar for attackers attempting to target the F5 iWorkflow system over a network and would require an additional, unpatched, user-space remote code execution vulnerability to exploit these new issues.

Traffix SDC

An unprivileged attacker can use this vulnerability to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K95275140.

See Also

https://support.f5.com/csp/article/K95275140

Plugin Details

Severity: Medium

ID: 125485

File Name: f5_bigip_SOL95275140.nasl

Version: 1.4

Type: local

Published: 5/29/2019

Updated: 3/9/2020

Dependencies: f5_bigip_detect.nbin

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.5

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_webaccelerator, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/5/2018

Vulnerability Publication Date: 8/14/2018

Reference Information

CVE: CVE-2018-3620