#VU22975 Improper Authentication in F5 Networks products


Vulnerability identifier: #VU22975

Vulnerability risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6675

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
BIG-IP
Hardware solutions / Firmware
BIG-IP LTM
Hardware solutions / Security hardware applicances
BIG-IP AFM
Hardware solutions / Security hardware applicances
BIG-IP Analytics
Hardware solutions / Security hardware applicances
BIG-IP APM
Hardware solutions / Security hardware applicances
BIG-IP ASM
Hardware solutions / Security hardware applicances
BIG-IP FPS
Hardware solutions / Security hardware applicances
BIG-IP GTM
Hardware solutions / Security hardware applicances
BIG-IP PEM
Hardware solutions / Security hardware applicances
BIG-IP AAM
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: F5 Networks

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in BIG-IP administrative authentication feature. A remote attacker can use LDAP, Active Directory, or Client Certificate LDAP to bypass authentication process and cause a complete compromise of the BIG-IP system.

Note: This vulnerability affects only the BIG-IP Engineering Hotfixes and does not affect any of the BIG-IP major, minor, or maintenance releases.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

BIG-IP: 15.0.1.0.33.11-ENG Hotfix - 15.0.1.0.48.11-ENG Hotfix, 14.1.0.3.0.79.6-ENG Hotfix - 14.1.2.1.0.122.4-ENG Hotfix

BIG-IP LTM: 14.1.0.3.0.79.6-ENG Hotfix - 15.0.1.0.48.11-ENG Hotfix

BIG-IP AAM: 14.1.0.3.0.79.6 ENG Hotfix - 15.0.1.0.48.11 ENG Hotfix

BIG-IP AFM: 14.1.0.3.0.79.6 ENG Hotfix - 15.0.1.0.48.11 ENG Hotfix

BIG-IP Analytics: 14.1.0.3.0.79.6-ENG Hotfix - 15.0.1.0.48.11-ENG Hotfix

BIG-IP APM: 14.1.0.3.0.79.6 ENG Hotfix - 15.0.1.0.48.11 ENG Hotfix

BIG-IP ASM: 14.1.0.3.0.79.6 ENG Hotfix - 15.0.1.0.48.11 ENG Hotfix

BIG-IP DNS: 14.1.0.3.0.79.6 ENG Hotfix - 15.0.1.0.48.11 ENG Hotfix

BIG-IP FPS: 14.1.0.3.0.79.6 ENG Hotfix - 15.0.1.0.48.11 ENG Hotfix

BIG-IP GTM: 14.1.0.3.0.79.6-ENG Hotfix - 15.0.1.0.48.11-ENG Hotfix

BIG-IP Link Controller: 14.1.0.3.0.79.6-ENG Hotfix - 15.0.1.0.48.11-ENG Hotfix

BIG-IP PEM: 14.1.0.3.0.79.6-ENG Hotfix - 15.0.1.0.48.11-ENG Hotfix

External links
http://api-u.f5.com/support/kb-articles/K55655944?cacheFlag=false
http://support.f5.com/csp/article/K55655944?utm_source=f5support&utm_medium=RSS

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Improper Authentication in BIG-IP Engineering Hotfixes