CVE-2017-6137 — F5 Big-ip Analytics vulnerability

4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.7%

top 27.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +8 more

Timeline

PublishedMay 9

Latest updateMay 13

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages11 packages

▶NVDf5/big-ip_link_controller5 versions+4

▶NVDf5/big-ip_local_traffic_manager5 versions+4

▶NVDf5/big-ip_global_traffic_manager11.6.1

▶NVDf5/big-ip_websafe5 versions+4

▶NVDf5/big-ip_analytics5 versions+4

🔴Vulnerability Details

GHSA

GHSA-7wq2-9xxh-9rcq: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11↗2022-05-13

▶

CVEList

CVE-2017-6137: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11↗2017-05-09

▶

📋Vendor Advisories

CVE-2017-6137: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, a...↗2017-05-09

▶