Brute Force Vulnerability in F5 BIG-IP Products
CVE-2018-5506
Key Information:
- Vendor
- F5
- Vendor
- CVE Published:
- 13 April 2018
Summary
In certain versions of F5 BIG-IP, vulnerabilities in the Apache modules, specifically apache_auth_token_mod and mod_auth_f5_auth_token.cpp, allow external attackers to exploit possible unauthenticated brute force attempts. This could potentially expose SSL client certificates utilized for mutual authentication between the BIG-IQ management system or Enterprise Manager and their managed BIG-IP devices, leading to unauthorized access and security risks.
Affected Version(s)
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 13.0.0
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.2
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.6.1
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved