CVE-2014-9326

The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.
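| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.3 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |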
EPSS Score percentile: 44%
| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_application_acceleration_manager | 11.5.0 |
| f5 | big-ip_application_acceleration_manager | 11.5.1 |
| f5 | big-ip_application_acceleration_manager | 11.5.2 |
| f5 | big-ip_application_acceleration_manager | 11.6.0 |
| f5 | big-ip_policy_enforcement_manager | 11.3.0 |
| f5 | big-ip_policy_enforcement_manager | 11.4.0 |
| f5 | big-ip_policy_enforcement_manager | 11.4.1 |
| f5 | big-ip_policy_enforcement_manager | 11.5.0 |
| f5 | big-ip_policy_enforcement_manager | 11.5.2 |
| f5 | big-ip_policy_enforcement_manager | 11.6.0 |
| f5 | big-ip_policy_enforcement_manager | 11.5.1 * |
| f5 | big-ip_global_traffic_manager | 11.5.0 |
| f5 | big-ip_global_traffic_manager | 11.5.1 |
| f5 | big-ip_global_traffic_manager | 11.5.2 |
| f5 | big-ip_global_traffic_manager | 11.6.0 |
| f5 | big-ip_advanced_firewall_manager | 11.5.0 |
| f5 | big-ip_advanced_firewall_manager | 11.5.1 |
| f5 | big-ip_advanced_firewall_manager | 11.5.2 |
| f5 | big-ip_advanced_firewall_manager | 11.6.0 |
| f5 | big-ip_local_traffic_manager | 11.5.0 |
| f5 | big-ip_local_traffic_manager | 11.5.1 |
| f5 | big-ip_local_traffic_manager | 11.5.2 |
| f5 | big-ip_local_traffic_manager | 11.6.0 |
| f5 | big-ip_application_security_manager | 11.5.0 |
| f5 | big-ip_application_security_manager | 11.5.1 |
| f5 | big-ip_application_security_manager | 11.5.2 |
| f5 | big-ip_application_security_manager | 11.6.0 |
| f5 | big-ip_link_controller | 11.5.0 |
| f5 | big-ip_link_controller | 11.5.1 |
| f5 | big-ip_link_controller | 11.5.2 |
| f5 | big-ip_link_controller | 11.6.0 |
| f5 | big-ip_access_policy_manager | 11.5.0 |
| f5 | big-ip_access_policy_manager | 11.5.1 |
| f5 | big-ip_access_policy_manager | 11.5.2 |
| f5 | big-ip_access_policy_manager | 11.6.0 |
| f5 | big-ip_analytics | 11.5.0 |
| f5 | big-ip_analytics | 11.5.1 |
| f5 | big-ip_analytics | 11.5.2 |
| f5 | big-ip_analytics | 11.6.0 |
𝑥 = Vulnerable software versions