CVSS2 | 7.5 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

CVSS3 | 9.8 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS | 0.008 Low |
---|---|
Percentile | 81.9% |

An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-0718)
Impact
A remote attacker could send specially crafted XML which, when parsed by an application using the Expat library, would cause that application to stop responding or possibly run arbitrary code with the permission of the user running the application.
BIG-IP ASM control plane
An authenticated user with the relevant privileges, such as Web Application Security Editor, can exploit the vulnerability and gain full control of the system.
big3d/gtmd
The big3d / gtmd processes may be exposed to this vulnerability over the management port and self IP addresses when the Port Lockdown setting is set to Default, All, or Custom with TCP port 4353 included. The impact for the big3d process is a temporary disruption in the communication between peer systems until the system automatically restarts the big3d process.

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K52320548.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(103313);
  script_version("3.9");
  script_cvs_date("Date: 2019/01/04 10:03:41");

  script_cve_id("CVE-2016-0718");

  script_name(english:"F5 Networks BIG-IP : Expat vulnerability (K52320548)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An out-of-bounds read flaw was found in the way Expat processed
certain input. A remote attacker could send specially crafted XML
that, when parsed by an application using the Expat library, would
cause that application to crash or, possibly, execute arbitrary code
with the permission of the user running the
application. (CVE-2016-0718)

Impact

A remote attacker could send specially crafted XML which, when parsed
by an application using the Expat library, would cause that
application to stop responding or possibly run arbitrary code with the
permission of the user running the application.

BIG-IP ASM control plane

An authenticated user with the relevant privileges, such as Web
Application Security Editor, can exploit the vulnerability and gain
full control of the system.

big3d/gtmd

The big3d / gtmd processes may be exposed to this vulnerability over
the management port and self IP addresses when the Port Lockdown
setting is set to Default, All, or Custom with TCP port 4353
included. The impact for the big3d process is a temporary disruption
in the communication between peer systems until the system
automatically restarts the big3d process."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K52320548"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K52320548."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"potential_vulnerability", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/09/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");

  exit(0);
}

include("f5_func.inc");

# Bail out unless local checks ran and the BIG-IP version, hotfix and
# module data were collected into the knowledge base.
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "K52320548";
vmatrix = make_array();

# The finding is flagged as a potential vulnerability (version check
# only), so the plugin reports only when paranoid reporting is enabled.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# Per-module version matrix: affected ranges and fixed releases.

# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected"  ] = make_list("13.0.0","12.0.0-12.1.3","11.6.0-11.6.3","11.4.1-11.5.6");
vmatrix["AFM"]["unaffected"] = make_list("13.1.0","13.0.1","12.1.3.2","11.6.3.2","11.5.7");

# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected"  ] = make_list("13.0.0","12.0.0-12.1.3","11.6.0-11.6.3","11.4.1-11.5.6");
vmatrix["AM"]["unaffected"] = make_list("13.1.0","13.0.1","12.1.3.2","11.6.3.2","11.5.7");

# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected"  ] = make_list("13.0.0","12.0.0-12.1.3","11.6.0-11.6.3","11.4.1-11.5.6","11.2.1");
vmatrix["APM"]["unaffected"] = make_list("13.1.0","13.0.1","12.1.3.2","11.6.3.2","11.5.7");

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected"  ] = make_list("13.0.0","12.0.0-12.1.3","11.6.0-11.6.3","11.4.1-11.5.6","11.2.1");
vmatrix["ASM"]["unaffected"] = make_list("13.1.0","13.0.1","12.1.3.2","11.6.3.2","11.5.7");

# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected"  ] = make_list("13.0.0","12.0.0-12.1.3","11.6.0-11.6.3","11.4.1-11.5.6","11.2.1");
vmatrix["AVR"]["unaffected"] = make_list("13.1.0","13.0.1","12.1.3.2","11.5.7");

# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected"  ] = make_list("11.6.0-11.6.3","11.4.1-11.5.6","11.2.1");
vmatrix["GTM"]["unaffected"] = make_list("11.6.3.2","11.5.7");

# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected"  ] = make_list("13.0.0","12.0.0-12.1.3","11.6.0-11.6.3","11.4.1-11.5.6","11.2.1");
vmatrix["LC"]["unaffected"] = make_list("13.1.0","13.0.1","12.1.3.2","11.6.3.2","11.5.7");

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected"  ] = make_list("13.0.0","12.0.0-12.1.3","11.6.0-11.6.3","11.4.1-11.5.6","11.2.1");
vmatrix["LTM"]["unaffected"] = make_list("13.1.0","13.0.1","12.1.3.2","11.6.3.2","11.5.7");

# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected"  ] = make_list("13.0.0","12.0.0-12.1.3","11.6.0-11.6.3","11.4.1-11.5.6");
vmatrix["PEM"]["unaffected"] = make_list("13.1.0","13.0.1","12.1.3.2","11.6.3.2","11.5.7");

# Compare the installed version and provisioned modules against the matrix.
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
```

Vendor | Product | Version | CPE |
---|---|---|---|
f5 | big-ip_access_policy_manager | | cpe:/a:f5:big-ip_access_policy_manager |
f5 | big-ip_advanced_firewall_manager | | cpe:/a:f5:big-ip_advanced_firewall_manager |
f5 | big-ip_application_acceleration_manager | | cpe:/a:f5:big-ip_application_acceleration_manager |
f5 | big-ip_application_security_manager | | cpe:/a:f5:big-ip_application_security_manager |
f5 | big-ip_application_visibility_and_reporting | | cpe:/a:f5:big-ip_application_visibility_and_reporting |
f5 | big-ip_global_traffic_manager | | cpe:/a:f5:big-ip_global_traffic_manager |
f5 | big-ip_link_controller | | cpe:/a:f5:big-ip_link_controller |
f5 | big-ip_local_traffic_manager | | cpe:/a:f5:big-ip_local_traffic_manager |
f5 | big-ip_policy_enforcement_manager | | cpe:/a:f5:big-ip_policy_enforcement_manager |
f5 | big-ip_webaccelerator | | cpe:/a:f5:big-ip_webaccelerator |