Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-8730

Disclosure Date: December 10, 2014
CVE-2014-8730
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • f5

Products

  • big-ip access policy manager 10.1.0,
  • big-ip access policy manager 10.2.0,
  • big-ip access policy manager 10.2.1,
  • big-ip access policy manager 10.2.2,
  • big-ip access policy manager 10.2.3,
  • big-ip access policy manager 10.2.4,
  • big-ip access policy manager 11.0.0,
  • big-ip access policy manager 11.1.0,
  • big-ip access policy manager 11.2.0,
  • big-ip access policy manager 11.2.1,
  • big-ip access policy manager 11.3.0,
  • big-ip access policy manager 11.4.0,
  • big-ip access policy manager 11.5.0,
  • big-ip access policy manager 11.5.1,
  • big-ip advanced firewall manager 11.3.0,
  • big-ip advanced firewall manager 11.4.0,
  • big-ip advanced firewall manager 11.4.1,
  • big-ip advanced firewall manager 11.5.0,
  • big-ip advanced firewall manager 11.5.1,
  • big-ip analytics 11.0.0,
  • big-ip analytics 11.1.0,
  • big-ip analytics 11.2.0,
  • big-ip analytics 11.2.1,
  • big-ip analytics 11.3.0,
  • big-ip analytics 11.4.0,
  • big-ip analytics 11.4.1,
  • big-ip analytics 11.5.0,
  • big-ip analytics 11.5.1,
  • big-ip application acceleration manager 11.4.0,
  • big-ip application acceleration manager 11.4.1,
  • big-ip application acceleration manager 11.5.0,
  • big-ip application acceleration manager 11.5.1,
  • big-ip application acceleration manager 11.6.0,
  • big-ip application security manager 10.0.0,
  • big-ip application security manager 10.0.1,
  • big-ip application security manager 10.1.0,
  • big-ip application security manager 10.2.0,
  • big-ip application security manager 10.2.1,
  • big-ip application security manager 10.2.2,
  • big-ip application security manager 10.2.3,
  • big-ip application security manager 10.2.4,
  • big-ip application security manager 11.0.0,
  • big-ip application security manager 11.1.0,
  • big-ip application security manager 11.2.0,
  • big-ip application security manager 11.2.1,
  • big-ip application security manager 11.3.0,
  • big-ip application security manager 11.4.0,
  • big-ip application security manager 11.4.1,
  • big-ip application security manager 11.5.1,
  • big-ip edge gateway 10.1.0,
  • big-ip edge gateway 10.2.0,
  • big-ip edge gateway 10.2.1,
  • big-ip edge gateway 10.2.2,
  • big-ip edge gateway 10.2.3,
  • big-ip edge gateway 10.2.4,
  • big-ip edge gateway 11.0.0,
  • big-ip edge gateway 11.1.0,
  • big-ip edge gateway 11.2.0,
  • big-ip edge gateway 11.2.1,
  • big-ip edge gateway 11.3.0,
  • big-ip local traffic manager 10.0.0,
  • big-ip local traffic manager 10.0.1,
  • big-ip local traffic manager 10.1.0,
  • big-ip local traffic manager 10.2.0,
  • big-ip local traffic manager 10.2.1,
  • big-ip local traffic manager 10.2.2,
  • big-ip local traffic manager 10.2.3,
  • big-ip local traffic manager 10.2.4,
  • big-ip local traffic manager 11.0.0,
  • big-ip local traffic manager 11.1.0,
  • big-ip local traffic manager 11.2.0,
  • big-ip local traffic manager 11.2.1,
  • big-ip local traffic manager 11.3.0,
  • big-ip local traffic manager 11.4.0,
  • big-ip local traffic manager 11.4.1,
  • big-ip local traffic manager 11.5.1,
  • big-ip policy enforcement manager 11.3.0,
  • big-ip policy enforcement manager 11.4.0,
  • big-ip policy enforcement manager 11.4.1,
  • big-ip policy enforcement manager 11.5.0,
  • big-ip policy enforcement manager 11.5.1,
  • big-ip policy enforcement manager 11.6.0,
  • big-ip protocol security module 10.0.0,
  • big-ip protocol security module 10.0.1,
  • big-ip protocol security module 10.1.0,
  • big-ip protocol security module 10.2.0,
  • big-ip protocol security module 10.2.1,
  • big-ip protocol security module 10.2.2,
  • big-ip protocol security module 10.2.3,
  • big-ip protocol security module 10.2.4,
  • big-ip protocol security module 11.0.0,
  • big-ip protocol security module 11.1.0,
  • big-ip protocol security module 11.2.0,
  • big-ip protocol security module 11.2.1,
  • big-ip protocol security module 11.3.0,
  • big-ip protocol security module 11.4.0,
  • big-ip protocol security module 11.4.1,
  • big-ip wan optimization manager 10.0.0,
  • big-ip wan optimization manager 10.0.1,
  • big-ip wan optimization manager 10.1.0,
  • big-ip wan optimization manager 10.2.0,
  • big-ip wan optimization manager 10.2.1,
  • big-ip wan optimization manager 10.2.2,
  • big-ip wan optimization manager 10.2.3,
  • big-ip wan optimization manager 10.2.4,
  • big-ip wan optimization manager 11.0.0,
  • big-ip wan optimization manager 11.1.0,
  • big-ip wan optimization manager 11.2.0,
  • big-ip wan optimization manager 11.2.1,
  • big-ip wan optimization manager 11.3.0,
  • big-ip webaccelerator 10.0.0,
  • big-ip webaccelerator 10.0.1,
  • big-ip webaccelerator 10.1.0,
  • big-ip webaccelerator 10.2.0,
  • big-ip webaccelerator 10.2.1,
  • big-ip webaccelerator 10.2.2,
  • big-ip webaccelerator 10.2.3,
  • big-ip webaccelerator 10.2.4,
  • big-ip webaccelerator 11.0.0,
  • big-ip webaccelerator 11.1.0,
  • big-ip webaccelerator 11.2.0,
  • big-ip webaccelerator 11.2.1,
  • big-ip webaccelerator 11.3.0,
  • big-iq cloud 4.0.0,
  • big-iq cloud 4.1.0,
  • big-iq cloud 4.2.0,
  • big-iq cloud 4.3.0,
  • big-iq cloud 4.4.0,
  • big-iq device 4.2.0,
  • big-iq device 4.3.0,
  • big-iq device 4.4.0,
  • big-iq security 4.0.0,
  • big-iq security 4.1.0,
  • big-iq security 4.2.0,
  • big-iq security 4.3.0,
  • big-iq security 4.4.0
Technical Analysis