Sid 1-32546

Message

SERVER-WEBAPP F5 BIG-IP Enterprise Manager XML entity injection attempt

Summary

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.

Impact

CVSS base score 5.5

CVSS impact score 4.9

CVSS exploitability score 8.0

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

CVE-2014-6032:

CVSS base score 5.5

CVSS impact score 4.9

CVSS exploitability score 8.0

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

Detailed information

CVE-2014-6032: Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.

Affected systems

  • f5 big-ip_advanced_firewall_manager 11.3.0
  • f5 big-ip_advanced_firewall_manager 11.4.0
  • f5 big-ip_advanced_firewall_manager 11.4.1
  • f5 big-ip_advanced_firewall_manager 11.5.0
  • f5 big-ip_advanced_firewall_manager 11.5.1
  • f5 big-ip_advanced_firewall_manager 11.6.0
  • f5 big-ip_analytics 11.0.0
  • f5 big-ip_analytics 11.1.0
  • f5 big-ip_analytics 11.2.0
  • f5 big-ip_analytics 11.2.1
  • f5 big-ip_analytics 11.3.0
  • f5 big-ip_analytics 11.4.0
  • f5 big-ip_analytics 11.4.1
  • f5 big-ip_analytics 11.5.0
  • f5 big-ip_analytics 11.5.1
  • f5 big-ip_analytics 11.6.0
  • f5 big-ip_application_acceleration_manager 11.4.0
  • f5 big-ip_application_acceleration_manager 11.4.1
  • f5 big-ip_application_acceleration_manager 11.5.0
  • f5 big-ip_application_acceleration_manager 11.5.1
  • f5 big-ip_application_acceleration_manager 11.6.0
  • f5 big-ip_application_security_manager 10.0.0
  • f5 big-ip_application_security_manager 10.1.0
  • f5 big-ip_application_security_manager 10.2.0
  • f5 big-ip_application_security_manager 10.2.1
  • f5 big-ip_application_security_manager 10.2.2
  • f5 big-ip_application_security_manager 10.2.3
  • f5 big-ip_application_security_manager 10.2.4
  • f5 big-ip_application_security_manager 11.0.0
  • f5 big-ip_application_security_manager 11.1.0
  • f5 big-ip_application_security_manager 11.2.0
  • f5 big-ip_application_security_manager 11.2.1
  • f5 big-ip_application_security_manager 11.3.0
  • f5 big-ip_application_security_manager 11.4.0
  • f5 big-ip_application_security_manager 11.4.1
  • f5 big-ip_application_security_manager 11.5.0
  • f5 big-ip_application_security_manager 11.5.1
  • f5 big-ip_application_security_manager 11.6.0
  • f5 big-ip_edge_gateway 10.1.0
  • f5 big-ip_edge_gateway 10.2.0
  • f5 big-ip_edge_gateway 10.2.1
  • f5 big-ip_edge_gateway 10.2.2
  • f5 big-ip_edge_gateway 10.2.3
  • f5 big-ip_edge_gateway 10.2.4
  • f5 big-ip_edge_gateway 11.0.0
  • f5 big-ip_edge_gateway 11.1.0
  • f5 big-ip_edge_gateway 11.2.0
  • f5 big-ip_edge_gateway 11.2.1
  • f5 big-ip_edge_gateway 11.3.0
  • f5 big-ip_global_traffic_manager 10.0.0
  • f5 big-ip_global_traffic_manager 10.1.0
  • f5 big-ip_global_traffic_manager 10.2.0
  • f5 big-ip_global_traffic_manager 10.2.1
  • f5 big-ip_global_traffic_manager 10.2.2
  • f5 big-ip_global_traffic_manager 10.2.3
  • f5 big-ip_global_traffic_manager 10.2.4
  • f5 big-ip_global_traffic_manager 11.0.0
  • f5 big-ip_global_traffic_manager 11.1.0
  • f5 big-ip_global_traffic_manager 11.2.0
  • f5 big-ip_global_traffic_manager 11.2.1
  • f5 big-ip_global_traffic_manager 11.3.0
  • f5 big-ip_global_traffic_manager 11.4.0
  • f5 big-ip_global_traffic_manager 11.4.1
  • f5 big-ip_global_traffic_manager 11.5.0
  • f5 big-ip_global_traffic_manager 11.5.1
  • f5 big-ip_global_traffic_manager 11.6.0
  • f5 big-ip_link_controller 10.0.0
  • f5 big-ip_link_controller 10.1.0
  • f5 big-ip_link_controller 10.2.0
  • f5 big-ip_link_controller 10.2.1
  • f5 big-ip_link_controller 10.2.2
  • f5 big-ip_link_controller 10.2.3
  • f5 big-ip_link_controller 10.2.4
  • f5 big-ip_link_controller 11.0.0
  • f5 big-ip_link_controller 11.1.0
  • f5 big-ip_link_controller 11.2.0
  • f5 big-ip_link_controller 11.2.1
  • f5 big-ip_link_controller 11.3.0
  • f5 big-ip_link_controller 11.4.0
  • f5 big-ip_link_controller 11.4.1
  • f5 big-ip_link_controller 11.5.0
  • f5 big-ip_link_controller 11.5.1
  • f5 big-ip_link_controller 11.6.0
  • f5 big-ip_local_traffic_manager 10.0.0
  • f5 big-ip_local_traffic_manager 10.1.0
  • f5 big-ip_local_traffic_manager 10.2.0
  • f5 big-ip_local_traffic_manager 10.2.1
  • f5 big-ip_local_traffic_manager 10.2.2
  • f5 big-ip_local_traffic_manager 10.2.3
  • f5 big-ip_local_traffic_manager 10.2.4
  • f5 big-ip_local_traffic_manager 11.0.0
  • f5 big-ip_local_traffic_manager 11.1.0
  • f5 big-ip_local_traffic_manager 11.2.0
  • f5 big-ip_local_traffic_manager 11.2.1
  • f5 big-ip_local_traffic_manager 11.3.0
  • f5 big-ip_local_traffic_manager 11.4.0
  • f5 big-ip_local_traffic_manager 11.4.1
  • f5 big-ip_local_traffic_manager 11.5.0
  • f5 big-ip_local_traffic_manager 11.5.1
  • f5 big-ip_local_traffic_manager 11.6.0
  • f5 big-ip_policy_enforcement_manager 11.3.0
  • f5 big-ip_policy_enforcement_manager 11.4.0
  • f5 big-ip_policy_enforcement_manager 11.4.1
  • f5 big-ip_policy_enforcement_manager 11.5.0
  • f5 big-ip_policy_enforcement_manager 11.5.1
  • f5 big-ip_policy_enforcement_manager 11.6.0
  • f5 big-ip_protocol_security_module 10.0.0
  • f5 big-ip_protocol_security_module 10.1.0
  • f5 big-ip_protocol_security_module 10.2.0
  • f5 big-ip_protocol_security_module 10.2.1
  • f5 big-ip_protocol_security_module 10.2.2
  • f5 big-ip_protocol_security_module 10.2.3
  • f5 big-ip_protocol_security_module 10.2.4
  • f5 big-ip_protocol_security_module 11.0.0
  • f5 big-ip_protocol_security_module 11.1.0
  • f5 big-ip_protocol_security_module 11.2.0
  • f5 big-ip_protocol_security_module 11.2.1
  • f5 big-ip_protocol_security_module 11.3.0
  • f5 big-ip_protocol_security_module 11.4.0
  • f5 big-ip_protocol_security_module 11.4.1
  • f5 big-ip_wan_optimization_manager 10.0.0
  • f5 big-ip_wan_optimization_manager 10.1.0
  • f5 big-ip_wan_optimization_manager 10.2.0
  • f5 big-ip_wan_optimization_manager 10.2.1
  • f5 big-ip_wan_optimization_manager 10.2.2
  • f5 big-ip_wan_optimization_manager 10.2.3
  • f5 big-ip_wan_optimization_manager 10.2.4
  • f5 big-ip_wan_optimization_manager 11.0.0
  • f5 big-ip_wan_optimization_manager 11.1.0
  • f5 big-ip_wan_optimization_manager 11.2.0
  • f5 big-ip_wan_optimization_manager 11.2.1
  • f5 big-ip_wan_optimization_manager 11.3.0
  • f5 big-ip_webaccelerator 10.0.0
  • f5 big-ip_webaccelerator 10.1.0
  • f5 big-ip_webaccelerator 10.2.0
  • f5 big-ip_webaccelerator 10.2.1
  • f5 big-ip_webaccelerator 10.2.2
  • f5 big-ip_webaccelerator 10.2.3
  • f5 big-ip_webaccelerator 10.2.4
  • f5 big-ip_webaccelerator 11.0.0
  • f5 big-ip_webaccelerator 11.1.0
  • f5 big-ip_webaccelerator 11.2.0
  • f5 big-ip_webaccelerator 11.2.1
  • f5 big-ip_webaccelerator 11.3.0
  • f5 enterprise_manager 3.0.0
  • f5 enterprise_manager 3.1.0
  • f5 enterprise_manager 3.1.1
  • f5 enterprise_manager 2.1.0
  • f5 enterprise_manager 2.2.0
  • f5 enterprise_manager 2.3.0

Ease of attack

CVE-2014-6032:

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor-supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information, see NVD.

Additional References