PT-2018-12973 · F5 · F5 Big-Iq+3

Published: 2018-12-12 · Updated: 2019-01-09 · CVE-2018-15328

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP versions 11.x through 14.0.x
F5 Enterprise Manager version 3.1.1
F5 BIG-IQ versions 4.x through 6.x
F5 iWorkflow version 2.x

Description

The issue concerns the handling of passphrases for SNMPv3 users and trap destinations used for authentication and privacy. These passphrases are not protected by the Secure Vault feature of the BIG-IP system and are instead written in plain text to various configuration files.

Recommendations

For F5 BIG-IP versions 11.x through 14.0.x, consider restricting access to configuration files to minimize the risk of passphrase exposure.
For F5 Enterprise Manager version 3.1.1, restrict access to the configuration files that contain the passphrases.
For F5 BIG-IQ versions 4.x through 6.x, limit access to the areas where the passphrases are stored in plain text.
For F5 iWorkflow version 2.x, avoid using the affected SNMPv3 functionality until a secure method of handling passphrases is implemented.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-15328

Affected Products

F5 Big-Ip
F5 Big-Iq
F5 Enterprise Manager
F5 Iworkflow