Vigil@nce - F5 BIG-IP: Man-in-the-Middle via SSH Server Key Size

September 2020 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/offer/Computer...

SYNTHESIS OF THE VULNERABILITY

Impacted products: BIG-IP Hardware, TMOS.

Severity: 1/4.

Consequences: data reading, data creation/edition.

Provenance: intranet client.

Confidence: confirmed by the editor (5/5).

Creation date: 26/08/2020.

DESCRIPTION OF THE VULNERABILITY

An attacker can act as a Man-in-the-Middle via SSH Server Key Size on F5 BIG-IP, in order to read or write data in the session.

ACCESS TO THE FULL VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/...