CVE-2017-6161

27.10.2017, 14:29

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
f5	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Vendor	Product	Version
f5	big-ip_local_traffic_manager	11.5.0 ≤ 𝑥 ≤ 11.5.4
f5	big-ip_local_traffic_manager	11.2.1
f5	big-ip_local_traffic_manager	11.6.0
f5	big-ip_local_traffic_manager	11.6.1
f5	big-ip_local_traffic_manager	12.0.0
f5	big-ip_local_traffic_manager	12.1.0
f5	big-ip_local_traffic_manager	12.1.1
f5	big-ip_local_traffic_manager	12.1.2
f5	big-ip_application_acceleration_manager	11.5.0 ≤ 𝑥 ≤ 11.5.4
f5	big-ip_application_acceleration_manager	11.2.1
f5	big-ip_application_acceleration_manager	11.6.0
f5	big-ip_application_acceleration_manager	11.6.1
f5	big-ip_application_acceleration_manager	12.0.0
f5	big-ip_application_acceleration_manager	12.1.0
f5	big-ip_application_acceleration_manager	12.1.1
f5	big-ip_application_acceleration_manager	12.1.2
f5	big-ip_advanced_firewall_manager	11.5.0 ≤ 𝑥 ≤ 11.5.4
f5	big-ip_advanced_firewall_manager	11.2.1
f5	big-ip_advanced_firewall_manager	11.6.0
f5	big-ip_advanced_firewall_manager	11.6.1
f5	big-ip_advanced_firewall_manager	12.0.0
f5	big-ip_advanced_firewall_manager	12.1.0
f5	big-ip_advanced_firewall_manager	12.1.1
f5	big-ip_advanced_firewall_manager	12.1.2
f5	big-ip_access_policy_manager	11.5.0 ≤ 𝑥 ≤ 11.5.4
f5	big-ip_access_policy_manager	11.2.1
f5	big-ip_access_policy_manager	11.6.0
f5	big-ip_access_policy_manager	11.6.1
f5	big-ip_access_policy_manager	12.0.0
f5	big-ip_access_policy_manager	12.1.0
f5	big-ip_access_policy_manager	12.1.1
f5	big-ip_access_policy_manager	12.1.2
f5	big-ip_application_security_manager	11.5.0 ≤ 𝑥 ≤ 11.5.4
f5	big-ip_application_security_manager	11.2.1
f5	big-ip_application_security_manager	11.6.0
f5	big-ip_application_security_manager	11.6.1
f5	big-ip_application_security_manager	12.0.0
f5	big-ip_application_security_manager	12.1.0
f5	big-ip_application_security_manager	12.1.1
f5	big-ip_application_security_manager	12.1.2
f5	big-ip_link_controller	11.5.0 ≤ 𝑥 ≤ 11.5.4
f5	big-ip_link_controller	11.2.1
f5	big-ip_link_controller	11.6.0
f5	big-ip_link_controller	11.6.1
f5	big-ip_link_controller	12.0.0
f5	big-ip_link_controller	12.1.0
f5	big-ip_link_controller	12.1.1
f5	big-ip_link_controller	12.1.2
f5	big-ip_policy_enforcement_manager	11.5.0 ≤ 𝑥 ≤ 11.5.4
f5	big-ip_policy_enforcement_manager	11.2.1
f5	big-ip_policy_enforcement_manager	11.6.0
f5	big-ip_policy_enforcement_manager	11.6.1
f5	big-ip_policy_enforcement_manager	12.0.0
f5	big-ip_policy_enforcement_manager	12.1.0
f5	big-ip_policy_enforcement_manager	12.1.1
f5	big-ip_policy_enforcement_manager	12.1.2
f5	big-ip_domain_name_system	11.4.0 ≤ 𝑥 ≤ 11.5.4
f5	big-ip_domain_name_system	11.2.1
f5	big-ip_domain_name_system	11.6.0
f5	big-ip_domain_name_system	11.6.1
f5	big-ip_domain_name_system	12.0.0
f5	big-ip_domain_name_system	12.1.0
f5	big-ip_domain_name_system	12.1.1
f5	big-ip_domain_name_system	12.1.2
f5	big-ip_edge_gateway	11.2.1
f5	big-ip_edge_gateway	11.4.0
f5	big-ip_edge_gateway	11.4.1
f5	big-ip_edge_gateway	11.5.0
f5	big-ip_edge_gateway	11.5.1
f5	big-ip_edge_gateway	11.5.2
f5	big-ip_edge_gateway	11.5.3
f5	big-ip_edge_gateway	11.5.4
f5	big-ip_edge_gateway	11.5.5
f5	big-ip_edge_gateway	11.6.0
f5	big-ip_edge_gateway	11.6.1
f5	big-ip_edge_gateway	12.0.0
f5	big-ip_edge_gateway	12.1.0
f5	big-ip_edge_gateway	12.1.1
f5	big-ip_edge_gateway	12.1.2
f5	big-ip_global_traffic_manager	11.2.1
f5	big-ip_global_traffic_manager	11.4.0
f5	big-ip_global_traffic_manager	11.4.1
f5	big-ip_global_traffic_manager	11.5.0
f5	big-ip_global_traffic_manager	11.5.1
f5	big-ip_global_traffic_manager	11.5.2
f5	big-ip_global_traffic_manager	11.5.3
f5	big-ip_global_traffic_manager	11.5.4
f5	big-ip_global_traffic_manager	11.6.0
f5	big-ip_global_traffic_manager	11.6.1
f5	big-ip_global_traffic_manager	12.0.0
f5	big-ip_global_traffic_manager	12.1.0
f5	big-ip_global_traffic_manager	12.1.1
f5	big-ip_global_traffic_manager	12.1.2
f5	big-ip_webaccelerator	11.2.1
f5	big-ip_webaccelerator	11.4.0
f5	big-ip_webaccelerator	11.4.1
f5	big-ip_webaccelerator	11.5.0
f5	big-ip_webaccelerator	11.5.1
f5	big-ip_webaccelerator	11.5.2
f5	big-ip_webaccelerator	11.5.3
f5	big-ip_webaccelerator	11.5.4
f5	big-ip_webaccelerator	11.5.5
f5	big-ip_webaccelerator	11.6.0
f5	big-ip_webaccelerator	11.6.1
f5	big-ip_webaccelerator	11.6.2
f5	big-ip_webaccelerator	12.0.0
f5	big-ip_webaccelerator	12.1.0
f5	big-ip_webaccelerator	12.1.1
f5	big-ip_webaccelerator	12.1.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

http://www.securityfocus.com/bid/101636

http://www.securitytracker.com/id/1039675

http://www.securitytracker.com/id/1039676

https://support.f5.com/csp/article/K62279530

http://www.securityfocus.com/bid/101636

http://www.securitytracker.com/id/1039675

http://www.securitytracker.com/id/1039676

https://support.f5.com/csp/article/K62279530