CVE-2017-6161Uncontrolled Resource Consumption in F5 Big-ip Link Controller

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
2.7%
top 13.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Application Acceleration Manager+8 more
Timeline
PublishedOct 27
Latest updateMay 17

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages11 packages

NVDf5/big-ip_link_controller11.5.011.5.4+7
NVDf5/big-ip_edge_gateway15 versions+14
NVDf5/big-ip_webaccelerator16 versions+15
NVDf5/big-ip_domain_name_system11.4.011.5.4+7
NVDf5/big-ip_access_policy_manager11.5.011.5.4+7

🔴Vulnerability Details

2
GHSA
GHSA-r2cf-532c-v5v7: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 122022-05-17
CVEList
CVE-2017-6161: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 122017-10-27

📋Vendor Advisories

1
F5
CVE-2017-6161: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator softwar...2017-10-27
CVE-2017-6161 — Uncontrolled Resource Consumption in F5 | cvebase