CVE-2015-6546

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 44.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +10 more

Timeline

PublishedNov 6

Latest updateMay 14

Description

The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers to cause a denial of service via "malicious traffic."

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages13 packages

▶NVDf5/big-ip_edge_gateway5 versions+4

▶NVDf5/big-ip_link_controller11 versions+10

▶NVDf5/big-ip_analytics11 versions+10

▶NVDf5/big-ip_webaccelerator5 versions+4

▶NVDf5/big-ip_local_traffic_manager4 versions+3

🔴Vulnerability Details

GHSA

GHSA-7qm9-6278-r7h9: The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11↗2022-05-14

▶

CVEList

CVE-2015-6546: The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11↗2015-11-06

▶