CVE-2017-0303: Incomplete Cleanup in F5 BIG-IP Link Controller

CWE-459: Incomplete Cleanup | 5 documents | 5 sources

Severity: 7.5 HIGH (NVD)
EPSS: 2.4% (top 14.81%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 27
Latest update: May 13

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 8 packages

🔴 Vulnerability Details (2)

GHSA
GHSA-j3p8-q7hc-2x2w: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13 | 2022-05-13
CVEList
CVE-2017-0303: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13 | 2017-10-27

📋 Vendor Advisories (1)

F5
CVE-2017-0303: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13 | 2017-10-27

💬 Community (1)

Bugzilla
CVE-2017-2807 ledger: CLI Tags Parsing Code Execution Vulnerability | 2017-09-06
CVE-2017-0303 — Incomplete Cleanup in F5 | cvebase