F5 BIG-IP APM Endpoint Inspection Bypass Vulnerability

A vulnerability allowing the bypass of endpoint inspection checks has been identified in F5 BIG-IP APM. This issue arises from an insufficient verification of data authenticity in the Access Policy Management (APM) endpoint inspection feature. The vulnerability may be exploited by remote, authenticated attackers to bypass endpoint inspection requirements for VPN connections initiated through the BIG-IP APM browser network access VPN client. This affects users on Windows, macOS, and Linux. The vulnerability is present in BIG-IP APM versions 15.1.0 through 15.1.10, 16.1.0 through 16.1.4, and 17.1.0 to 17.1.1.

Impact

Exploitation of this vulnerability allows for the bypass of endpoint inspection checks, enabling unauthorized VPN connections to be established with a BIG-IP APM system. This could potentially lead to unauthorized access to network resources or sensitive information.

Remediation

To address this vulnerability, users can upgrade to BIG-IP APM versions 15.1.10.6.0.11.6, 16.1.5, or 17.1.2. Additionally, it is recommended to enable the 'Restrict to Single Client IP' setting in the BIG-IP APM access profile, which limits VPN sessions to a specific IP address and requires re-authentication if the IP address changes.