Last Modified: Aug 01, 2024
Affected Product(s):
F5OS F5OS, Velos
Known Affected Versions:
F5OS-A 1.5.0, F5OS-A 1.5.1, F5OS-A 1.5.2, F5OS-C 1.5.0, F5OS-C 1.5.1
Fixed In:
F5OS-C 1.6.1, F5OS-C 1.6.0, F5OS-A 1.7.0
Opened: Dec 06, 2022 Severity: 3-Major
When configured for RADIUS remote authentication, the F5OS systems send internal system IP address as Network Access Server (NAS) system identifier (NAS-IP-Address or NAS-IPv6-Address), rather than a system management IP. On VELOS systems, the NAS-IPv6-Address will be a link-local IPv6 address in fe80::/64. On rSeries appliances, the NAS-IP-Address will be an address in the internal address range (RFC6598 by default), e.g. 100.65.60.2.
RADIUS authentication servers may ignore or reject authentication requests due to an unknown system identifier in the requests.
RADIUS remote authentication for system users.
None.
None