CVE-2017-6162Improper Restriction of Operations within the Bounds of a Memory Buffer in F5 Big-ip Link Controller

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
1.5%
top 18.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Application Acceleration Manager+5 more
Timeline
PublishedOct 27
Latest updateMay 17

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a fai

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages8 packages

NVDf5/big-ip_local_traffic_manager11.5.011.5.4+6
NVDf5/big-ip_link_controller11.5.011.5.4+6
NVDf5/big-ip_access_policy_manager11.5.011.5.4+6
NVDf5/big-ip_advanced_firewall_manager11.5.011.5.4+6

🔴Vulnerability Details

2
GHSA
GHSA-49wp-r47r-jrr5: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 122022-05-17
CVEList
CVE-2017-6162: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 122017-10-27

📋Vendor Advisories

1
F5
CVE-2017-6162: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software versi...2017-10-27
CVE-2017-6162 — F5 Big-ip Link Controller vulnerability | cvebase