CVE-2017-6159

F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
f5CNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
f5big-ip_local_traffic_manager
11.6.0
f5big-ip_local_traffic_manager
11.6.1
f5big-ip_local_traffic_manager
12.0.0
f5big-ip_local_traffic_manager
12.1.0
f5big-ip_local_traffic_manager
12.1.1
f5big-ip_local_traffic_manager
12.1.2
f5big-ip_application_acceleration_manager
11.6.0
f5big-ip_application_acceleration_manager
11.6.1
f5big-ip_application_acceleration_manager
12.0.0
f5big-ip_application_acceleration_manager
12.1.0
f5big-ip_application_acceleration_manager
12.1.1
f5big-ip_application_acceleration_manager
12.1.2
f5big-ip_advanced_firewall_manager
11.6.0
f5big-ip_advanced_firewall_manager
11.6.1
f5big-ip_advanced_firewall_manager
12.0.0
f5big-ip_advanced_firewall_manager
12.1.0
f5big-ip_advanced_firewall_manager
12.1.1
f5big-ip_advanced_firewall_manager
12.1.2
f5big-ip_access_policy_manager
11.6.0
f5big-ip_access_policy_manager
11.6.1
f5big-ip_access_policy_manager
12.0.0
f5big-ip_access_policy_manager
12.1.0
f5big-ip_access_policy_manager
12.1.1
f5big-ip_access_policy_manager
12.1.2
f5big-ip_application_security_manager
11.6.0
f5big-ip_application_security_manager
11.6.1
f5big-ip_application_security_manager
12.0.0
f5big-ip_application_security_manager
12.1.0
f5big-ip_application_security_manager
12.1.1
f5big-ip_application_security_manager
12.1.2
f5big-ip_link_controller
11.6.0
f5big-ip_link_controller
11.6.1
f5big-ip_link_controller
12.0.0
f5big-ip_link_controller
12.1.0
f5big-ip_link_controller
12.1.1
f5big-ip_link_controller
12.1.2
f5big-ip_policy_enforcement_manager
11.6.0
f5big-ip_policy_enforcement_manager
11.6.1
f5big-ip_policy_enforcement_manager
12.0.0
f5big-ip_policy_enforcement_manager
12.1.0
f5big-ip_policy_enforcement_manager
12.1.1
f5big-ip_policy_enforcement_manager
12.1.2
f5big-ip_websafe
1.0.0
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/101633
http://www.securitytracker.com/id/1039669
https://support.f5.com/csp/article/K10002335
http://www.securityfocus.com/bid/101633
http://www.securitytracker.com/id/1039669
https://support.f5.com/csp/article/K10002335