Vigil@nce - F5 BIG-IP: Man-in-the-Middle of Cloud Amazon, Azure or Verizon
June 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a Man-in-the-Middle on F5 BIG-IP with
Amazon, Azure or Verizon, in order to read or write data in the
session.
– Impacted products: BIG-IP Hardware, TMOS.
– Severity: 2/4.
– Creation date: 12/04/2016.
DESCRIPTION OF THE VULNERABILITY
The F5 BIG-IP product can be used with the following Cloud
environments:
– Amazon Web Services (AWS)
– Azure
– Verizon
However, in this case, X.509 certificates are not correctly
regenerated, and may be shared between several instances.
An attacker can therefore act as a Man-in-the-Middle on F5 BIG-IP
with Amazon, Azure or Verizon, in order to read or write data in
the session.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN