Cryptographic issues in BIG-IP Analytics

#VU41199 Cryptographic issues in BIG-IP Analytics

Published: 2014-10-26 | Updated: 2020-08-10

Vulnerability identifier: #VU41199

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-7408

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
BIG-IP Analytics
Hardware solutions / Security hardware applicances

Vendor: F5 Networks

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value.

Mitigation
Install update from vendor's website.

Vulnerable software versions

BIG-IP Analytics: 11.0.0 - 11.3.0

External links
http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html
http://www.securityfocus.com/bid/68792

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Cryptographic issues in BIG-IP Analytics