CVE-2017-0305 — Networks SSL Intercept Iapp Version vulnerability

5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

2.9%

top 13.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Networks SSL Intercept Iapp Version F5 SSL Intercept Iapp

Timeline

PublishedApr 6

Latest updateMay 13

Description

F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5f5_networks/ssl_intercept_iapp_version1.5.0 - 1.5.7

▶NVDf5/ssl_intercept_iapp1.5.0, 1.5.7+1

🔴Vulnerability Details

GHSA

GHSA-xqxc-xrjc-68wf: F5 SSL Intercept iApp version 1↗2022-05-13

▶

CVEList

CVE-2017-0305: F5 SSL Intercept iApp version 1↗2017-04-06

▶

💥Exploits & PoCs

Nuclei

Ncast busiFacade - Remote Command Execution

▶

📋Vendor Advisories

CVE-2017-0305: F5 SSL Intercept iApp version 1↗2017-04-06

▶