F5 BIG-IP Application Acceleration Manager up to 11.6.0 cryptographic issue
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability was found in F5 BIG-IP Application Acceleration Manager up to 11.6.0. It has been rated as problematic. Affected is an unknown function. This manipulation causes cryptographic issue. This vulnerability is handled as CVE-2014-8730. There is not any exploit available.
Details
A vulnerability classified as problematic was found in F5 BIG-IP Application Acceleration Manager up to 11.6.0 (Firewall Software). Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a cryptographic issue vulnerability. The CWE definition for the vulnerability is CWE-310. As an impact it is known to affect confidentiality. The summary by CVE is:
The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself.
The weakness was released 12/09/2014 by Adam Langley (Website). It is possible to read the advisory at imperialviolet.org. This vulnerability is known as CVE-2014-8730 since 11/10/2014. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1600 according to MITRE ATT&CK.
The vulnerability scanner Nessus provides a plugin with the ID 82429 , which helps to determine the existence of the flaw in a target environment. It is . The commercial vulnerability scanner Qualys is able to test this issue with plugin 19986 (IBM DB2 Multiple Vulnerabilities (swg21633303)).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the databases at X-Force (99216), Tenable (82429), SecurityFocus (BID 71549†), Secunia (SA62167†) and Vulnerability Center (SBV-48081†). Entries connected to this vulnerability are available at VDB-13393, VDB-13392, VDB-13395 and VDB-68134. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://f5.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.3
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cryptographic issueCWE: CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 82429
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Port: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
Fortigate IPS: 🔍
Timeline
11/10/2014 🔍12/08/2014 🔍
12/09/2014 🔍
12/09/2014 🔍
12/11/2014 🔍
01/12/2015 🔍
01/18/2015 🔍
03/27/2015 🔍
03/30/2015 🔍
04/07/2022 🔍
Sources
Vendor: f5.comAdvisory: imperialviolet.org
Researcher: Adam Langley
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-8730 (🔍)
GCVE (CVE): GCVE-0-2014-8730
GCVE (VulDB): GCVE-100-73171
X-Force: 99216
SecurityFocus: 71549 - Multiple F5 Products CVE-2014-8730 Man In The Middle Information Disclosure Vulnerability
Secunia: 62167 - IBM Sterling Connect:Direct for UNIX TLS Version 1.x CBC Cipher Padding Information Disclo, Not Critical
Vulnerability Center: 48081 - F5 Multiple Products Information Disclosure due to Incorrect TLS Padding when Terminating TLS Connections, Medium
See also: 🔍
Entry
Created: 03/27/2015 14:56Updated: 04/07/2022 14:48
Changes: 03/27/2015 14:56 (64), 06/18/2017 09:07 (9), 04/07/2022 14:48 (3)
Complete: 🔍
Cache ID: 216:8AC:103
No comments yet. Languages: en.
Please log in to comment.