CVE-2017-6160F5 Big-ip Application Acceleration Manager vulnerability

4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
4.6%
top 10.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Big-ip Application Acceleration ManagerF5 Big-ip Policy Enforcement Manager
Timeline
PublishedOct 27
Latest updateMay 13

Description

In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and tempo

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-ggm9-mvqx-95xh: In F5 BIG-IP AAM and PEM software version 122022-05-13
CVEList
CVE-2017-6160: In F5 BIG-IP AAM and PEM software version 122017-10-27

📋Vendor Advisories

1
F5
CVE-2017-6160: In F5 BIG-IP AAM and PEM software version 122017-10-27
CVE-2017-6160 — F5 vulnerability | cvebase