Insecure AES ECB Mode Vulnerability in BIG-IP APM 11.6.0-11.6.3

Insecure AES ECB Mode Vulnerability in BIG-IP APM 11.6.0-11.6.3

CVE-2018-5548 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.

Learn more about our Cis Benchmark Audit For Server Software.