X.509 certificate verification was not correctly implemented in the early access “user id” feature in the BIG-IP Advanced Firewall Manager, and thus did not properly validate the remote server’s identity on certain versions of BIG-IP. (CVE-2017-6142)
Impact
In affected BIG-IP AFM versions, the system is unable to properly validate the remote server’s identity, which may lead to man-in-the-middle (MITM) attacks. This issue affects the Network Firewall policy enforcement. The issue depends on an experimental configuration that was only deployed with F5 technical assistance as a proof of concept.
CPE
Name | Operator | Version |
---|---|---|
big-ip afm | eq | 11.4.1 |
big-ip afm | eq | 11.5.0 |
big-ip afm | eq | 11.5.1 |
big-ip afm | eq | 11.5.2 |
big-ip afm | eq | 11.5.3 |
big-ip afm | eq | 11.5.4 |
big-ip afm | eq | 11.5.5 |
big-ip afm | eq | 11.6.0 |
big-ip afm | eq | 11.6.1 |
big-ip afm | eq | 11.6.2 |