CVE-2015-7759 — Improper Input Validation in F5 Big-ip Analytics

CWE-20 — Improper Input Validation3 documents3 sources

Severity

3.7LOWNVD

EPSS

0.8%

top 26.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +5 more

Timeline

PublishedJan 12

Latest updateMay 17

Description

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service (Traffic Management Microkernel (TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU) discovery.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages8 packages

▶NVDf5/big-ip_link_controller12.0.0

▶NVDf5/big-ip_analytics12.0.0

▶NVDf5/big-ip_local_traffic_manager12.0.0

▶NVDf5/big-ip_access_policy_manager12.0.0

▶NVDf5/big-ip_advanced_firewall_manager12.0.0

🔴Vulnerability Details

GHSA

GHSA-82pr-xp2w-5hfc: BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12↗2022-05-17

▶

CVEList

CVE-2015-7759: BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12↗2016-01-12

▶