Man-in-the-Middle Vulnerability in F5 BIG-IP Products

CVE-2014-9326

What is CVE-2014-9326?

The automatic signature update functionality in the Phone Home feature of F5 BIG-IP Products allows for the possibility of man-in-the-middle attacks. This vulnerability exists due to insufficient validation of server SSL certificates, specifically in versions 11.5.0 to 11.6.0 for multiple components including LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller. Furthermore, the Call Home feature in ASM and PEM products from versions 10.0.0 to 11.6.0 and 11.3.0 to 11.6.0 respectively, are also susceptible to this flaw if exploited through crafted certificates, enabling remote attackers to intercept sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References