PT-2016-1061 · F5 · Asm+8

Published: 2016-01-12 · Updated: 2016-01-14 · CVE-2015-8611

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM version 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms

Description

The issue is caused by errors in synchronizing passwords with the Always-On Management (AOM) subsystem. This might allow remote attackers to obtain login access to AOM via an expired or default password.

Recommendations

For BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM version 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms, apply the HF1 hotfix so that passwords are properly synchronized with the AOM subsystem, preventing potential unauthorized access. At the moment, there is no information about additional mitigation measures.

Fix


Weakness Enumeration

Related Identifiers

BDU:2016-00129
CVE-2015-8611

Affected Products

AAM
AFM
APM
ASM
Analytics
BIG-IP LTM
DNS
Link Controller
PEM