CVE-2018-5548Open Redirect in F5 Big-ip Access Policy Manager

CWE-601Open Redirect3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 56.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
F5 Big-ip Access Policy ManagerF5 Networks INC Big-ip APMF5 Big-ip APM
Timeline
PublishedSep 13
Latest updateMay 14

Description

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDf5/big-ip_access_policy_manager11.6.111.6.3
CVEListV5f5_networks_inc/big-ip_apm11.6.0-11.6.3

🔴Vulnerability Details

1
GHSA
GHSA-hqqf-5vjp-3gwx: On BIG-IP APM 112022-05-14

📋Vendor Advisories

1
F5
CVE-2018-5548: On BIG-IP APM 112018-09-13
CVE-2018-5548 — Open Redirect in F5 | cvebase