CVE-2017-6164

Severity: 8.1 HIGH
EPSS: 2.5% (top 14.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 21; latest update May 14

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software versions 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS 1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (13 packages)

NVD | f5/big-ip_edge_gateway | 11.6.0 | 11.6.1 | +7
NVD | f5/big-ip_link_controller | 11.6.0 | 11.6.1 | +7
NVD | f5/big-ip_websafe | 11.6.0 | 11.6.1 | +7
NVD | f5/big-ip_analytics | 11.6.0 | 11.6.1 | +7
NVD | f5/big-ip_webaccelerator | 11.6.0 | 11.6.1 | +7

🔴 Vulnerability Details (2)

GHSA | 2022-05-14 | GHSA-9c6g-fxpf-p2p8: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13
CVEList | 2017-12-21 | CVE-2017-6164: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13

📋 Vendor Advisories (1)

F5 | 2017-12-21 | CVE-2017-6164: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and Web...