CVE-2017-6147 — F5 Big-ip Analytics vulnerability

4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.7%

top 28.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Networks INC F5 Big-ip F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager +8 more

Timeline

PublishedSep 18

Latest updateMay 13

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages11 packages

▶NVDf5/big-ip_link_controller12.1.2, 13.0.0+1

▶NVDf5/big-ip_websafe12.1.2, 13.0.0+1

▶NVDf5/big-ip_analytics12.1.2, 13.0.0+1

▶CVEListV5f5_networks_inc/f5_big-ipv13.0.0, v12.1.2-HF1

▶NVDf5/big-ip_domain_name_system12.1.2, 13.0.0+1

🔴Vulnerability Details

GHSA

GHSA-gp2j-jj5j-9v8x: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12↗2022-05-13

▶

CVEList

CVE-2017-6147: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12↗2017-09-18

▶

📋Vendor Advisories

CVE-2017-6147: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12↗2017-09-18

▶