Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PEM for Device Type and OS (DTOS) and Tethering detection. Customers not using BIG-IP PEM, not configuring downloads of TAC database files, or not using HTTP for that download are not affected.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
F5 BIG-IP PEM 安全漏洞
Vulnerability Description
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的多合一网络设备。PEM是其中的一款策略执行管理器。 F5 BIG-IP PEM 12.1.0版本至12.1.2版本中存在安全漏洞,该漏洞源于在通过HTTPS下载Type Allocation Code (TAC)数据库文件时,程序没有验证服务器的证书。攻击者可利用该漏洞实施中间人攻击,篡改数据或获取信息。
CVSS Information
N/A
Vulnerability Type
N/A