CVE-2017-6141: Improper Input Validation in F5 BIG-IP Link Controller

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.6% (top 29.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 20
Latest update: May 17

Description

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (8 packages)

NVD | f5/big-ip_link_controller | 12.1.0, 12.1.1, 12.1.2 +2
NVD | f5/big-ip_websafe | 12.1.0, 12.1.1, 12.1.2 +2
NVD | f5/big-ip_local_traffic_manager | 12.1.0, 12.1.1, 12.1.2 +2
NVD | f5/big-ip_access_policy_manager | 12.1.0, 12.1.1, 12.1.2 +2
NVD | f5/big-ip_advanced_firewall_manager | 12.1.0, 12.1.1, 12.1.2 +2

Vulnerability Details (2)

GHSA | GHSA-rrff-4pjq-q3cc: In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12 | 2022-05-17
CVEList | CVE-2017-6141: In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12 | 2017-10-20

Vendor Advisories (1)

F5 | CVE-2017-6141: In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12 | 2017-10-20