CVE-2022-28859 in BIG-IP

Summary

by MITRE • 05/05/2022

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.


Analysis

by VulDB Data Team • 05/08/2022

The vulnerability identified as CVE-2022-28859 represents a critical security flaw in F5 BIG-IP systems that affects specific versions of the platform when integrating Net HSM hardware security modules. This issue manifests through the improper handling of sensitive authentication credentials during the installation process of Net HSM components, creating a significant risk for organizations relying on these security appliances for network protection and cryptographic operations. The vulnerability specifically impacts F5 BIG-IP versions 15.1.x prior to 15.1.5.1 and 14.1.x prior to 14.1.4.6, where the installation scripts fail to adequately protect the Net HSM partition password, exposing it to potential unauthorized access.

The technical flaw stems from the insecure execution of installation scripts that manage the integration of Net HSM devices within the BIG-IP environment. During the installation of Net HSM using either nethsm-safenet-install.sh or nethsm-thales-install.sh, the partition password required for the HSM module authentication is inadvertently exposed through script output or logging mechanisms. This exposure occurs because the scripts do not properly sanitize their output or implement secure credential handling practices, allowing the password to be visible in system logs, command line outputs, or other accessible locations. The vulnerability is categorized under CWE-209, which specifically addresses the exposure of error information, and can be mapped to ATT&CK technique T1552.001, which covers unsecured credentials in logs and configuration files.

The operational impact of this vulnerability extends beyond simple credential exposure, as it fundamentally compromises the security posture of affected systems. When the Net HSM partition password becomes accessible to unauthorized parties, attackers can gain direct access to the hardware security module, potentially enabling them to perform cryptographic operations, modify security parameters, or extract sensitive data from the HSM. This access could lead to complete compromise of the cryptographic services provided by the BIG-IP appliance, affecting the integrity and confidentiality of all encrypted communications protected by the system. Organizations may face regulatory compliance violations, data breaches, and significant operational disruption if attackers exploit this vulnerability to gain unauthorized access to their cryptographic infrastructure.

Mitigation strategies for CVE-2022-28859 should prioritize immediate patching of affected systems to the recommended versions 15.1.5.1 or 14.1.4.6, which contain fixes addressing the credential exposure issue. Security administrators should also implement monitoring of system logs and command outputs for any signs of credential exposure, particularly during HSM installation processes. Additional protective measures include implementing strict access controls for system administrators, enabling comprehensive logging and audit trails, and conducting regular security assessments of cryptographic infrastructure. Organizations should also consider implementing network segmentation and privilege separation to limit the potential impact of credential exposure, while ensuring that any exposed credentials are immediately revoked and replaced with new secure values. The vulnerability highlights the critical importance of secure credential handling in automated installation processes and underscores the need for comprehensive security testing of third-party integration components within enterprise security infrastructure.
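The two passages above describe the flaw (an installer script that lets the partition password reach its own output or log) and the recommended control (checking install logs for exposed credentials). The following script is an added illustration of that pattern and is not F5's nethsm-safenet-install.sh or nethsm-thales-install.sh; it does not claim to reproduce how those scripts leak. It assumes a hypothetical hsm_client_register stand-in for the real HSM client so it runs offline, and the password value is a constructed sample. It shows a leaky install (shell tracing captured into the log), a hardened install (tracing suspended around the credential hand-off, secret passed on stdin rather than as an argument), and a log check that a defender can run after an installation.

```shell
#!/bin/sh
# Added illustration, not F5's nethsm-*-install.sh: how an installer script can
# leak a secret into its own log through shell tracing, and a pattern that keeps
# the secret out of the trace. hsm_client_register is a hypothetical stand-in
# for the real HSM client so that the script runs offline.

# Constructed sample value; a real installer would prompt for this.
PARTITION_PASSWORD='constructed-example-secret'

# Hypothetical HSM client: partition name as argument, password on stdin.
# It reports only that registration happened, never the password itself.
hsm_client_register() {
    read -r pw
    echo "registered partition $1 (password length ${#pw})"
}

# Vulnerable pattern: the whole install runs under 'set -x' and the trace is
# captured into the install log, so the echoed password lands in the log.
leaky_install() {
    log="$1"
    (
        set -x
        echo "$PARTITION_PASSWORD" | hsm_client_register part0
    ) >"$log" 2>&1
}

# Hardened pattern: tracing stays on for diagnostics but is switched off around
# the credential hand-off. The password still travels over stdin (never as a
# command-line argument, which 'ps' could show) and the variable is cleared as
# soon as the client has consumed it.
hardened_install() {
    log="$1"
    (
        set -x
        echo "preparing HSM client for partition part0"
        { set +x; } 2>/dev/null   # 'set +x' itself would be traced; hide it
        printf '%s\n' "$PARTITION_PASSWORD" | hsm_client_register part0
        unset PARTITION_PASSWORD
        set -x
        echo "HSM client registration finished"
    ) >"$log" 2>&1
}

# Post-install check: does the log contain the given secret verbatim?
# Returns 0 (true) when the secret is exposed, 1 otherwise.
log_exposes_secret() {
    grep -qF -- "$2" "$1"
}

# Demonstration when run directly: build both logs and compare them.
workdir=$(mktemp -d)
leaky_install "$workdir/leaky.log"
hardened_install "$workdir/hardened.log"
for f in leaky hardened; do
    if log_exposes_secret "$workdir/$f.log" "$PARTITION_PASSWORD"; then
        echo "$f.log: partition password EXPOSED"
    else
        echo "$f.log: partition password not present"
    fi
done
rm -rf "$workdir"
```

The check searches for the known value rather than for a pattern such as `password=`, because a shell trace records the expanded command (`+ echo <value>`) with no variable name attached, so keyword-based log monitoring alone would miss exactly this kind of exposure. After any HSM installation on an affected release, the same grep against the install log and shell history is a quick way to decide whether the partition password has to be rotated.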

Responsible

F5 Networks

Reservation

04/19/2022

Disclosure

05/05/2022

Moderation

accepted

CPE

ready

EPSS

0.00720

KEV

no

Activities

very low
