CVE-2017-6141

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
f5CNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
f5big-ip_access_policy_manager
12.1.0
f5big-ip_access_policy_manager
12.1.1
f5big-ip_access_policy_manager
12.1.2
f5big-ip_advanced_firewall_manager
12.1.0
f5big-ip_advanced_firewall_manager
12.1.1
f5big-ip_advanced_firewall_manager
12.1.2
f5big-ip_application_acceleration_manager
12.1.0
f5big-ip_application_acceleration_manager
12.1.1
f5big-ip_application_acceleration_manager
12.1.2
f5big-ip_application_security_manager
12.1.0
f5big-ip_application_security_manager
12.1.1
f5big-ip_application_security_manager
12.1.2
f5big-ip_link_controller
12.1.0
f5big-ip_link_controller
12.1.1
f5big-ip_link_controller
12.1.2
f5big-ip_local_traffic_manager
12.1.0
f5big-ip_local_traffic_manager
12.1.1
f5big-ip_local_traffic_manager
12.1.2
f5big-ip_policy_enforcement_manager
12.1.0
f5big-ip_policy_enforcement_manager
12.1.1
f5big-ip_policy_enforcement_manager
12.1.2
f5big-ip_websafe
12.1.0
f5big-ip_websafe
12.1.1
f5big-ip_websafe
12.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.f5.com/csp/article/K21154730
https://support.f5.com/csp/article/K21154730