CVE-2018-15328

Summary

On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files.

Affected Software

VendorProductVersion RangeStatus
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), Enterprise Manager, BIG-IQ Centralized Management, F5 iWorkflowBIG-IP 14.0.x, 13.x, 12.x, 11.xaffected
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), Enterprise Manager, BIG-IQ Centralized Management, F5 iWorkflowEM 3.1.1affected
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), Enterprise Manager, BIG-IQ Centralized Management, F5 iWorkflowBIG-IQ 6.x, 5.x, 4.xaffected
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), Enterprise Manager, BIG-IQ Centralized Management, F5 iWorkflowiWorkflow 2.xaffected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

References