CVE-2018-5548

Опубликовано: 13 сент. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.

Ссылки

http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html
Exploit
Technical Description
Third Party Advisory
http://www.securityfocus.com/bid/105353
Third Party Advisory
VDB Entry
https://support.f5.com/csp/article/K66171422
Vendor Advisory
http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html
Exploit
Technical Description
Third Party Advisory
http://www.securityfocus.com/bid/105353
Third Party Advisory
VDB Entry
https://support.f5.com/csp/article/K66171422
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

Версия от 11.6.1 (включая) до 11.6.3 (включая)

EPSS

Процентиль: 43%

0.00209

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-hqqf-5vjp-3gwx