CVE-2013-6016

26.10.2013, 17:55

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	7.8 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:N/I:N/A:C
certcc	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Vendor	Product	Version
f5	big-ip_global_traffic_manager	10.0.0
f5	big-ip_global_traffic_manager	10.0.1
f5	big-ip_global_traffic_manager	10.1.0
f5	big-ip_global_traffic_manager	10.2.0
f5	big-ip_global_traffic_manager	10.2.1
f5	big-ip_global_traffic_manager	10.2.2
f5	big-ip_global_traffic_manager	11.0.0
f5	big-ip_webaccelerator	9.4.0
f5	big-ip_webaccelerator	9.4.1
f5	big-ip_webaccelerator	9.4.2
f5	big-ip_webaccelerator	9.4.3
f5	big-ip_webaccelerator	9.4.4
f5	big-ip_webaccelerator	9.4.5
f5	big-ip_webaccelerator	9.4.6
f5	big-ip_webaccelerator	9.4.7
f5	big-ip_webaccelerator	9.4.8
f5	big-ip_webaccelerator	10.0.0
f5	big-ip_webaccelerator	10.0.1
f5	big-ip_webaccelerator	10.1.0
f5	big-ip_webaccelerator	10.2.0
f5	big-ip_webaccelerator	10.2.1
f5	big-ip_webaccelerator	10.2.2
f5	big-ip_webaccelerator	10.2.3
f5	big-ip_webaccelerator	10.2.4
f5	big-ip_webaccelerator	11.0.0
f5	big-ip_webaccelerator	11.1.0
f5	big-ip_webaccelerator	11.2.0
f5	big-ip_webaccelerator	11.2.1
f5	big-ip_webaccelerator	11.3.0
f5	big-ip_local_traffic_manager	10.0.0
f5	big-ip_local_traffic_manager	10.0.1
f5	big-ip_local_traffic_manager	10.1.0
f5	big-ip_local_traffic_manager	10.2.0
f5	big-ip_local_traffic_manager	10.2.1
f5	big-ip_local_traffic_manager	10.2.2
f5	big-ip_local_traffic_manager	11.0.0
f5	big-ip_application_security_manager	10.0.0
f5	big-ip_application_security_manager	10.0.1
f5	big-ip_application_security_manager	10.1.0
f5	big-ip_application_security_manager	10.2.0
f5	big-ip_application_security_manager	10.2.1
f5	big-ip_application_security_manager	10.2.2
f5	big-ip_application_security_manager	11.0.0
f5	big-ip_access_policy_manager	10.1.0
f5	big-ip_access_policy_manager	10.2.0
f5	big-ip_access_policy_manager	10.2.1
f5	big-ip_access_policy_manager	10.2.2
f5	big-ip_access_policy_manager	11.0.0
f5	big-ip_wan_optimization_manager	10.0.0
f5	big-ip_wan_optimization_manager	10.0.1
f5	big-ip_wan_optimization_manager	10.1.0
f5	big-ip_wan_optimization_manager	10.2.0
f5	big-ip_wan_optimization_manager	10.2.1
f5	big-ip_wan_optimization_manager	10.2.2
f5	big-ip_wan_optimization_manager	11.0.0
f5	big-ip_edge_gateway	10.1.0
f5	big-ip_edge_gateway	10.2.0
f5	big-ip_edge_gateway	10.2.1
f5	big-ip_edge_gateway	10.2.2
f5	big-ip_edge_gateway	11.0.0
f5	big-ip_protocol_security_module	9.4.5
f5	big-ip_protocol_security_module	9.4.6
f5	big-ip_protocol_security_module	9.4.7
f5	big-ip_protocol_security_module	9.4.8
f5	big-ip_protocol_security_module	10.0.0
f5	big-ip_protocol_security_module	10.0.1
f5	big-ip_protocol_security_module	10.1.0
f5	big-ip_protocol_security_module	10.2.0
f5	big-ip_protocol_security_module	10.2.1
f5	big-ip_protocol_security_module	10.2.2
f5	big-ip_protocol_security_module	10.2.3
f5	big-ip_protocol_security_module	10.2.4
f5	big-ip_protocol_security_module	11.0.0
f5	big-ip_protocol_security_module	11.1.0
f5	big-ip_protocol_security_module	11.2.0
f5	big-ip_protocol_security_module	11.2.1
f5	big-ip_protocol_security_module	11.3.0
f5	big-ip_protocol_security_module	11.4.0
f5	big-ip_protocol_security_module	11.4.1
f5	big-ip_link_controller	10.0.0
f5	big-ip_link_controller	10.0.1
f5	big-ip_link_controller	10.1.0
f5	big-ip_link_controller	10.2.0
f5	big-ip_link_controller	10.2.1
f5	big-ip_link_controller	10.2.2
f5	big-ip_link_controller	11.0.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://secunia.com/advisories/55378

http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13233.html

http://www.securitytracker.com/id/1029220

https://exchange.xforce.ibmcloud.com/vulnerabilities/88166

http://secunia.com/advisories/55378

http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13233.html

http://www.securitytracker.com/id/1029220

https://exchange.xforce.ibmcloud.com/vulnerabilities/88166