PT-2018-8293 · F5 · F5 Big-Ip Advanced Firewall Manager
Publicado
2018-01-19
·
Atualizado
2018-02-06
·
CVE-2017-6142
CVSS v2.0
5.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP Advanced Firewall Manager versions 11.6.0 through 11.6.2
F5 BIG-IP Advanced Firewall Manager versions 12.1.0 through 12.1.2
F5 BIG-IP Advanced Firewall Manager version 13.0.0
Description
The issue concerns the incorrect implementation of X509 certificate verification in the "user id" feature of the F5 BIG-IP Advanced Firewall Manager. This results in the failure to properly validate the remote server's identity.
Recommendations
For versions 11.6.0 through 11.6.2, update the certificate verification mechanism to properly validate the remote server's identity.
For versions 12.1.0 through 12.1.2, update the certificate verification mechanism to properly validate the remote server's identity.
For version 13.0.0, update the certificate verification mechanism to properly validate the remote server's identity.
Correção
Improper Certificate Validation
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
F5 Big-Ip Advanced Firewall Manager