CVE-2017-6142 - OpenCVE

X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
F5	Big-ip Advanced Firewall Manager

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:::::::*

References

Link	Resource
http://www.securitytracker.com/id/1040255	Third Party Advisory VDB Entry
https://support.f5.com/csp/article/K20682450	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: f5

Published: 2018-01-18T00:00:00

Updated: 2018-01-21T10:57:01

Reserved: 2017-02-21T00:00:00

Link: CVE-2017-6142

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-01-19T14:29:00.290

Modified: 2018-02-06T13:38:41.433

Link: CVE-2017-6142

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"containers": {"cna": {"affected": [{"product": "BIG-IP AFM", "vendor": "F5 Networks, Inc.", "versions": [{"status": "affected", "version": "13.0.0"}, {"status": "affected", "version": "12.1.0 - 12.1.2"}, {"status": "affected", "version": "11.6.0 - 11.6.2"}]}], "datePublic": "2018-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "X509 certificate verification was not correctly implemented in the early access \"user id\" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP."}], "problemTypes": [{"descriptions": [{"description": "Failed certificate validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-21T10:57:01", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K20682450"}, {"name": "1040255", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040255"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "DATE_PUBLIC": "2018-01-18T00:00:00", "ID": "CVE-2017-6142", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP AFM", "version": {"version_data": [{"version_value": "13.0.0"}, {"version_value": "12.1.0 - 12.1.2"}, {"version_value": "11.6.0 - 11.6.2"}]}}]}, "vendor_name": "F5 Networks, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "X509 certificate verification was not correctly implemented in the early access \"user id\" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Failed certificate validation"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K20682450", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K20682450"}, {"name": "1040255", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040255"}]}}}}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2017-6142", "datePublished": "2018-01-18T00:00:00", "dateReserved": "2017-02-21T00:00:00", "dateUpdated": "2018-01-21T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCE526AF-E3CA-4C29-9043-2838AED9FC54", "versionEndIncluding": "11.6.2", "versionStartIncluding": "11.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3C3362F-1251-4E7B-B8CB-BBE7344A915E", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "X509 certificate verification was not correctly implemented in the early access \"user id\" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP."}, {"lang": "es", "value": "No se implement\u00f3 correctamente la versificaci\u00f3n de certificados X509 en la caracter\u00edstica de acceso temprano \"user id\" en F5 BIG-IP Advanced Firewall Manager, en versiones 13.0.0, 12.1.0-12.1.2 y 11.6.0-11.6.2 y, por lo tanto, ni valid\u00f3 correctamente la identidad del servidor remoto en ciertas versiones de BIG-IP."}], "id": "CVE-2017-6142", "lastModified": "2018-02-06T13:38:41.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-19T14:29:00.290", "references": [{"source": "f5sirt@f5.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040255"}, {"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K20682450"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}