ID CVE-2014-9326
Summary The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. CWE-295: Improper Certificate Validation (https://cwe.mitre.org/data/definitions/295.html)
References
Vulnerable Configurations
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager11.5.1:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 03-01-2017 - 02:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
confirm https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html
sectrack 1032305
Last major update 03-01-2017 - 02:59
Published 12-05-2015 - 19:59
Last modified 03-01-2017 - 02:59