CVE-2017-6142 — Improper Certificate Validation in F5 Big-ip Advanced Firewall Manager

CWE-295 — Improper Certificate Validation3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 73.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Advanced Firewall Manager F5 Networks INC Big-ip AFM F5 Big-ip AFM

Timeline

PublishedJan 19

Latest updateMay 14

Description

X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages3 packages

▶NVDf5/big-ip_advanced_firewall_manager11.6.0 — 11.6.2+2

▶f5f5/big-ip_afm

▶CVEListV5f5_networks_inc/big-ip_afm11.6.0 - 11.6.2, 12.1.0 - 12.1.2, 13.0.0+2

🔴Vulnerability Details

GHSA

GHSA-9hw6-rw67-875g: X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions↗2022-05-14

▶

📋Vendor Advisories

CVE-2017-6142: X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Ad...↗2018-01-19

▶